In the blog we posted on March 22, FortiGuard Labs introduced a new Word Macro malware sample that targets both Apple Mac OS X and Microsoft Windows. After deeper investigation of this malware sample, we can confirm that after a successful infection the post-exploitation agent Meterpreter is run on the infected Mac OS X or Windows system. Meterpreter is part of the Metasploit framework. More information about Meterpreter can be found here.
For this to work, the attacker’s server must be running Metasploit as the controller to control the infected systems. Since the attacker’s server doesn’t currently respond to any requests, we decided to set up a Metasploit to confirm our observation.
Fortinet Blog
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.