How is cross-platform malware carried in Word docs?

Attackers can deliver cross-platform malware through infected Microsoft Word docs. Expert Nick Lewis explains how the attacks work and how to defend against them.

Researchers at Fortinet Inc. recently discovered a sample of cross-platform malware, a type of malware designed to infect either Windows systems or macOS systems depending on which operating system the victim is using. The malware is being spread through Microsoft Word documents. How does cross-platform malware execute on different operating systems?

Cross-platform development environments have long been a goal for many application developers because the environments free them to focus on functionality and widespread adoption, instead of having to know the intricacies of different platforms to make their application work. This means the application development environment has to be able to compile the code to binaries for all the targeted operating systems or for an application execution environment, like the Java Runtime Environment, for the code to execute.

Malware authors share that goal, as it enables them to infect the most systems. Researchers at Fortinet analyzed a new piece of cross-platform malware targeting Windows and macOS systems.

Instead of using Java for the code execution, this cross-platform malware uses a Microsoft Word document with a macro to call built-in scripting languages to run the malicious code on the endpoint. The malicious macro detects the target system's operating system, and then uses Python on macOS systems or PowerShell on Windows systems to execute the malicious code. The script then calls out to an external system to download the rest of the cross-platform malware.

Protection from malicious Word docs should be a standard part of an enterprise's information security controls. Fortinet released indicators of compromise for the cross-platform malware and has now added network detections.

Adding the malicious URLs to network controls to block endpoints from downloading the additional malware can prevent the infected systems from being completely taken over.
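An endpoint-side complement to the network blocking above, as an added example that is not from the original article or from Fortinet: it walks process-creation events and flags any PowerShell or Python process that has Word in its ancestry, the pattern the macro described above produces. The event schema, host names and paths are constructed for illustration, and PID reuse is ignored.

```python
import json

# Word's process name on Windows and macOS, lower-cased.
WORD_NAMES = {"winword.exe", "microsoft word"}

# Constructed process-creation events; the schema (host, pid, ppid, image)
# is a hypothetical sensor format, not one taken from the article.
SAMPLE_EVENTS = r"""
{"host":"win-01","pid":100,"ppid":4,"image":"C:\\Windows\\explorer.exe"}
{"host":"win-01","pid":200,"ppid":100,"image":"C:\\Office\\WINWORD.EXE"}
{"host":"win-01","pid":300,"ppid":200,"image":"C:\\Windows\\System32\\cmd.exe"}
{"host":"win-01","pid":400,"ppid":300,"image":"C:\\Windows\\System32\\powershell.exe"}
{"host":"win-01","pid":500,"ppid":100,"image":"C:\\Windows\\System32\\powershell.exe"}
{"host":"mac-01","pid":20,"ppid":1,"image":"/Applications/Microsoft Word.app/Contents/MacOS/Microsoft Word"}
{"host":"mac-01","pid":30,"ppid":20,"image":"/usr/bin/python"}
"""

def base(image):
    """File name of an image path, for Windows or POSIX separators."""
    return image.replace("\\", "/").rsplit("/", 1)[-1].lower()

def is_interpreter(name):
    """The interpreters the article names: PowerShell and Python."""
    return name in ("powershell.exe", "pwsh.exe") or name.startswith("python")

def find_word_spawned_interpreters(lines):
    """Return (host, pid, chain) for interpreters descended from Word."""
    events = [json.loads(l) for l in lines.splitlines() if l.strip()]
    procs = {(e["host"], e["pid"]): e for e in events}
    hits = []
    for e in events:
        if not is_interpreter(base(e["image"])):
            continue
        chain, cur, seen = [], e, set()
        # Walk parents so an intermediate shell does not hide Word.
        while cur and (cur["host"], cur["pid"]) not in seen:
            seen.add((cur["host"], cur["pid"]))
            chain.append(base(cur["image"]))
            if chain[-1] in WORD_NAMES:
                hits.append((e["host"], e["pid"], " <- ".join(chain)))
                break
            cur = procs.get((cur["host"], cur["ppid"]))
    return hits

if __name__ == "__main__":
    for host, pid, chain in find_word_spawned_interpreters(SAMPLE_EVENTS):
        print(f"ALERT {host} pid={pid}: {chain}")
```

The PowerShell started from Explorer (pid 500) is not flagged; only interpreters whose parent chain reaches Word are.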

This was last published in August 2017
