Mac users have one less reason to feel superior to PC users: Apple computers are not quite as resistant to malware as they used to be. Especially, it seems, if you live in China. Doubly so if you are a member of an ethnic minority, the Uyghurs, who held mass protests in 2009 and 2012, which escalated into full-scale riots.
The cyber-attacks against Uyghur users on Macs are another incident in the long string of probably government-sponsored hacking programs against several groups, including Tibetans, NGOs and human rights organizations.
AlienVault Labs and Kaspersky released two reports detailing spearphishing schemes targeted at Mac users who support the Uyghur people. The targets receive an e-mail with a subject relevant to their interests, and a Word document attached. When they open the document, TinySHell exploits a vulnerability (that has been fixed since Microsoft Office Word 2003 Service Pack 3 was released in 2009), then infects the computer and allows long-term monitoring or even control of the compromised system through a backdoor it installs.
Fortunately for most Mac users, the spearphishing attempts are crude (there are several telltale signs that you are being phished). Additionally, the most vulnerable computers are ones that have not been updated and whose users do not keep up with security patches.
Kaspersky offers a list of recommendations to keep Macs secure. Using a Gmail account will provide advance warning against state-sponsored attacks and employ defense mechanisms that are not available on other free e-mail services. Updating to the latest version of Microsoft Office, installing anti-malware programs, using Google Chrome and even consulting the friend who allegedly sent the e-mail all help as well.
The methods in this instance are unpolished, but it does in many ways make sense for the government: if a cheaper, more basic and less resource-intensive strategy can achieve the ends, why use a more expensive or sophisticated program? Of course, given the recent attacks on the New York Times and previous attempts to infiltrate Google, the Chinese government has proven itself capable of harnessing more advanced techniques to exploit systems it finds undesirable.
"With these attacks, we continue to see an expansion of the APT capabilities to attack Mac OS X users," Kaspersky's report concluded. "In general, Mac users operate under a false sense of security which comes from the years-old mantra that ‘Macs don’t get viruses’."