New CallMe malware discovered
Published February 13th, 2013 at 2:11 PM EDT , modified February 13th, 2013 at 4:34 PM EDT
Intego announced today the discovery of a new Mac trojan, which they are calling OSX/CallMe.A. This malware is spread through maliciously-crafted Microsoft Word documents that, when opened, result in a backdoor being installed. The backdoor in question sounds very simple, giving the hackers the ability to run commands (through a bash shell) and steal the user’s Address Book data.
Fortunately, this malware poses very little risk to anyone, for two reasons. First, it’s yet another case of an attack targeted specifically at Tibetan activists. If you’re not a Tibetan activist, you’re not likely to ever see this malware, much like the other bits of malware that have been aimed at Tibetans (Tibet, Sabpab and Dockster).
Even if you’re a Tibetan activist, though, you still aren’t likely to fall victim, for a second reason: the malware relies on exploiting CVE-2009-0563, a very old Microsoft Word vulnerability. Microsoft released an update that fixed this vulnerability in affected versions of Word back in June of 2009. So, the only people who have any chance at all of being infected with this malware are Tibetan activists who haven’t installed any Microsoft Office updates in almost 4 years. I’m sure there are a few of them out there, but probably not very many. Everyone else can rest easy, knowing that we’re safe from this one.