Watch Out: Trump-Themed Malware Targeting Macs

When you find Mac-specific malware with Donald Trump in the file name, you just know, folks, that it's gonna be the best malware ever. It's so tremendous, you won't even believe how much it can compromise your Mac. It's gonna build a wall between you and your files, people, and it’s gonna make you pay for it.

And most of those antivirus programs, most of them are not going to do a thing to help you, folks. Not one thing. Sad!

Credit: A Katz/Shutterstock

If you see a Word file with Donald Trump’s name in it — especially from an email address you don’t know — just ignore it. If you download an Office file and it asks you for permission to run macros, just ignore it, unless you know what the macros do.

Here's how the malware works, according to Objective-See, the blog where Synack security researcher Patrick Wardle analyzes macOS malware. Mac users get an email that includes a Word document called "U.S. Allies and Rivals Digest Trump's Victory — Carnegie Endowment for International Peace." But when you click on it, it's not about Trump. You simply can't trust this email.

The Word document tells users that it contains macros and that they've got to activate them. But the macros don't do anything in Word; they open a binary file instead. Very bad. This launches a function called Fisher, which runs Python code to download a payload from a site called "SecurityChecking." But the cybercriminals don't have an active payload up and running right now, so it's impossible to tell what kind of malware it might be.
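As an added example (not code from the article or from Objective-See), here is a small Python triage check a defender can run on an attachment before opening it: it reports whether a Word file carries a VBA project at all, and scans that project for the markers the chain described above would leave behind (an auto-run macro, a shell call, Python, a URL). The sample document it builds is constructed for the test, and the domain payload.example is a placeholder.

```python
import io
import zipfile

# Strings a triage script would flag given the chain described above (auto-run
# macro -> binary -> Python downloader). VBA source inside vbaProject.bin is
# MS-OVBA compressed, so some keywords survive as plain text and others do not:
# a hit is an indicator, not proof, and no hits is inconclusive.
SUSPICIOUS = [b"autoopen", b"document_open", b"shell", b"python", b"http"]
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def _keyword_hits(blob: bytes) -> list:
    lowered = blob.lower()
    return sorted(k.decode() for k in SUSPICIOUS if k in lowered)


def triage_office_file(data: bytes) -> dict:
    """Report container format, whether a VBA project is present, and keyword hits."""
    result = {"format": "unknown", "has_macros": False, "indicators": []}
    if data.startswith(b"PK\x03\x04"):
        result["format"] = "ooxml"
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # In .docm/.dotm the macros live in a vbaProject.bin part; a plain .docx
            # has none, so the part's presence is the definitive "has macros" test.
            vba_parts = [n for n in zf.namelist() if n.lower().endswith("vbaproject.bin")]
            result["has_macros"] = bool(vba_parts)
            for name in vba_parts:
                result["indicators"] += _keyword_hits(zf.read(name))
    elif data.startswith(OLE2_MAGIC):
        result["format"] = "ole2"
        # Legacy .doc: the VBA project sits under a "Macros" storage whose directory
        # entry name is stored UTF-16LE. Scanning raw bytes is coarser than a CFB parser.
        result["has_macros"] = "Macros".encode("utf-16-le") in data
        if result["has_macros"]:
            result["indicators"] = _keyword_hits(data)
    return result


def build_sample(with_macros: bool) -> bytes:
    """Constructed OOXML sample (not the real lure document) for offline testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            # Fake macro blob carrying the markers such a downloader macro would leave.
            zf.writestr("word/vbaProject.bin",
                        b"\x01\x16\x03\x00AutoOpen Shell python http://payload.example/")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_office_file(build_sample(True)))
```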

VirusTotal has the facts on the harmful Word document, and they’re not encouraging. Out of 56 major programs, only 16 recognize it right now, including Avast, Bitdefender, F-Secure and Symantec. Programs like AVG, Avira, Kaspersky, Sophos and Trend Micro miss it.

Right now, the infected file can’t do much harm, but as soon as a payload goes up, your privacy could be at risk. This style of attack has been used in phishing schemes before, and if your AV program can’t detect the downloader, you could be handing your computer’s login info to all sorts of bad guys.

  • idstandard
    The writing in this blog in the first paragraphs is very very funny and well done.
  • Gunner78
    This is going to be YUGE!