Uyghur Mac users targeted with spear-phishing emails

Uyghur activists are, once again, targeted with spear-phishing emails whose goal is to set up a backdoor on the victims’ computers.

The Uyghurs are a Turkic ethnic group, most of which live in the Xinjiang Uyghur Autonomous Region in the People’s Republic of China.

This time around only Mac users are targeted, with emails delivering booby-trapped .doc files that purportedly contain text regarding the Uyghur people and their political struggle: Concerns over Uyghur People.doc, 2013-02-04 – Deported Uyghurs.doc, The Universal Declaration of Human Rights and the Unrecognized Population Groups.doc, and so on.

“All the attacks use exploits for the CVE-2009-0563 (Microsoft Office) vulnerability – this particular exploit can be easily identified by the author of the underlying document, which is the famous ‘captain’,” points out Kaspersky Lab expert Costin Raiu. “All the documents contain a second, ‘fake’ document which is shown to the victim when the exploit is run successfully.”

The malware sets up a backdoor and and info-stealer.

The vulnerability that the attackers take advantage of has been patched in 2009, so Raiu advises Uyghur users and others to keep their Microsoft Office updates.

He also urges them to use a Gmail email account (because of two-facto authentication and warnings against nation state sponsored attacks), using Google Chrome (because it’s more resilient to malware attacks than other browsers), install an Internet Security Suite and, when in doubt about the legitimacy of an email, to ask the sender if he actually sent the email in the first place.