{"id":63976,"date":"2017-03-28T12:53:33","date_gmt":"2017-03-28T19:53:33","guid":{"rendered":"https:\/\/www.intego.com\/mac-security-blog\/?p=63976"},"modified":"2017-04-10T08:26:31","modified_gmt":"2017-04-10T15:26:31","slug":"beware-dangerous-macro-malware-ahead","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/","title":{"rendered":"Beware! Dangerous Macro Malware Ahead"},"content":{"rendered":"<p><a href=\"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/macro-malware\/\" rel=\"attachment wp-att-64483\"><img loading=\"lazy\" class=\"aligncenter size-full wp-image-64483\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/macro-malware.jpg\" alt=\"Macro Malware\" width=\"600\" height=\"300\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/macro-malware.jpg 600w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/macro-malware-150x75.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/macro-malware-300x150.jpg 300w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/a><\/p>\n<p>Macro malware has been around for a long time, and just like most malware, Mac users have largely been ignored. Macro malware became even less of a threat in 2008 when Microsoft removed macro support from their Mac Office products, but in 2011 macro support was back in the new Office 2011 version. Since then, technically, Mac users have been just as vulnerable to macro malware as they were before 2008.<\/p>\n<p>So why haven&#8217;t we seen a flood of macro malware targeting the Mac? Most malware seen on macOS lags behind their Windows counterparts, significantly in how often it occurs, how sophisticated it is and how it attacks. Macro malware appears to be no different. But before we get comfy\u00a0thinking we, as Mac users, are not in the crosshairs of these threats, beware! Dangerous macro malware\u00a0is\u00a0evolving.<\/p>\n<p>In just the last three months, two macro malware have been discovered targeting\u00a0Mac computers.\u00a0Here&#8217;s what we know about these new threats and what to\u00a0expect ahead.<\/p>\n<h3>EmPyre Word Macro File<\/h3>\n<p>The first was discovered early February in a malicious Word document, titled, &#8220;U.S. Allies and Rivals Digest Trump&#8217;s Victory &#8211; Carnegie Endowment for International Peace.docm.&#8221;<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/OSX?src=hash\">#OSX<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/Macro?src=hash\">#Macro<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/EmPyre?src=hash\">#EmPyre<\/a> &quot;U.S. Allies and Rivals Digest Trump\u2019s Victory &#8211; Carnegie Endowment for International Peace&quot; <a href=\"https:\/\/t.co\/8P0iSE1tWH\">https:\/\/t.co\/8P0iSE1tWH<\/a><\/p>\n<p>&mdash; Snorre Fagerland (@fstenv) <a href=\"https:\/\/twitter.com\/fstenv\/status\/828552352588247040\">February 6, 2017<\/a><\/p><\/blockquote>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>At the time of discovery, while this Word\u00a0macro no longer appeared\u00a0to be fully functional, it checked for the presence of Little Snitch, and if that was not found a payload would be installed.<\/p>\n<blockquote><p><code><span class=\"n3rdFont\">cmd = \"ps -ef | grep Little\\ Snitch | grep -v grep\"<br \/>\nps = subprocess.Popen(cmd, shell = True, stdout = subprocess.PIPE)<br \/>\nout = ps.stdout.read()<br \/>\nps.stdout.close()<br \/>\nif re.search(\"Little Snitch\", out):<br \/>\nsys.exit()<\/span><\/code><\/p><\/blockquote>\n<p>If functional, this macro malware could have resulted in a remote attacker having control over the infected machine and grab\u00a0screenshots, log keystrokes, snatch the iMessage chat history, and keychain contents, among other things. This macro malware got the name EmPyre, because the Python script it leverages &#8220;is taken, almost verbatim from the open-source <a class=\"inlineLink\" href=\"https:\/\/github.com\/EmpireProject\/EmPyre\">EmPyre<\/a> project,&#8221; Patrick Wardle said\u00a0<a href=\"https:\/\/objective-see.com\/blog\/blog_0x17.html\" target=\"_blank\">on his blog<\/a>.<\/p>\n<p><a href=\"https:\/\/www.intego.com\/antivirus-mac-internet-security\" target=\"_blank\">Intego VirusBarrier<\/a> with up-to-date malware definitions will detect and eradicate this threat, identified as <strong>W97M\/Downloader<\/strong>.<\/p>\n<h3>VBA Macro Executes Malicious Code on macOS<\/h3>\n<p>The same goes for a macro malware <a href=\"https:\/\/blog.fortinet.com\/2017\/03\/22\/microsoft-word-file-spreads-malware-targeting-both-apple-mac-os-x-and-microsoft-windows\" target=\"_blank\">discovered late March by FortiGuard Labs<\/a>. While this Word macro was also unable to contact its Command and Control (C&amp;C) server to download a malicious payload, it was found to be a functional macro that adapts to the operating system\u00a0it ends up on; for instance, it does different things depending on the operating system it infects (i.e. macOS vs. Windows).<\/p>\n<p>On macOS, it downloads a python script that is a slightly modified version of the Python meterpreter file, which is also part of the Metasploit framework. Metasploit is an open source exploit development framework that could be used to create malware and other tools to attack systems. It does have a number of legitimate applications in computer security as well.<\/p>\n<p>The modification is minor, but it gives the malware author an easy way to leverage Metasploit&#8217;s power for his own purposes.<\/p>\n<blockquote>\n<ol>\n<li>The HTTP_CONNECTION_URL constant (hxxps:\/\/sushi.vvlxpress.com:443\/TtxCTzF1Q2gqND8gcvg-cwGEk5tPhorXkzS0gXv9-zFqsvVHxi-1804lm2zGUE31cs\/) is set to the Metasploit end-point that the script will be connecting to.<\/li>\n<li>The PAYLOAD_UUID constant is used as an identifier for the client, which we believe is also being used by the attackers for campaign-tracking purposes.<\/li>\n<\/ol>\n<\/blockquote>\n<p><img loading=\"lazy\" class=\"size-full wp-image-64438 aligncenter\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/VBA-Macro-Malware-Compare.png\" alt=\"\" width=\"1115\" height=\"528\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/VBA-Macro-Malware-Compare.png 1115w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/VBA-Macro-Malware-Compare-150x71.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/VBA-Macro-Malware-Compare-300x142.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/VBA-Macro-Malware-Compare-768x364.png 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/VBA-Macro-Malware-Compare-1024x485.png 1024w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/VBA-Macro-Malware-Compare-657x311.png 657w\" sizes=\"(max-width: 1115px) 100vw, 1115px\" \/><\/p>\n<p>Once the script is executed, it attempts to connect to the host \u201csushi.vvlxpress.com\u201d on port 443. This is the C&amp;C server that was no longer operational at the time of analysis. The python process remains active on the system while trying to connect to a reachable server.<\/p>\n<p>Having code to run on both Windows and macOS ads is indeed an interesting development.<\/p>\n<div id=\"attachment_64417\" style=\"width: 591px\" class=\"wp-caption aligncenter\"><img aria-describedby=\"caption-attachment-64417\" loading=\"lazy\" class=\"wp-image-64417 size-full\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Word-Marco-Windows-or-macOS.jpg\" width=\"581\" height=\"368\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Word-Marco-Windows-or-macOS.jpg 581w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Word-Marco-Windows-or-macOS-150x95.jpg 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Word-Marco-Windows-or-macOS-300x190.jpg 300w\" sizes=\"(max-width: 581px) 100vw, 581px\" \/><p id=\"caption-attachment-64417\" class=\"wp-caption-text\">Calling different route according to OS type. Image courtesy: FortiGuard Labs<\/p><\/div>\n<p>This latest macro malware might be a glimpse of things to come. If macro malware authors can affect multiple OS&#8217;s with one malicious file, it&#8217;s not hard to imagine that\u00a0they will use these techniques whenever they can. In the past, exchanging files between Windows and Mac was not really a concern as malware was\u00a0mostly OS specific, however, macro malware like this may change that. We therefore issue a strong warning to beware of dangerous macro malware ahead.\u00a0Build your bunker and load up on ammo:\u00a0Fortify\u00a0your Mac with <a href=\"https:\/\/www.intego.com\/mac-security-blog\/targeted-malware-attacks-and-the-importance-of-layered-protection\/\" target=\"_blank\">layers of protection<\/a>\u00a0to keep the bad guys out.<\/p>\n<h3>How to\u00a0Stay Safe from Macro Malware on a Mac<\/h3>\n<p>To get started, here&#8217;s a few tips you can use to stay safe from macro malware.<\/p>\n<p>If you use Microsoft Office for Mac version 2011 or 2016, macro&#8217;s are supported. Office applications by default have a setting enabled that warns you when opening a file that uses a macro. In Word, Excel and PowerPoint this can be found in <strong>Preferences<\/strong> &gt; <strong>Security &amp; Privacy<\/strong>:<\/p>\n<p><img loading=\"lazy\" class=\"aligncenter wp-image-63988 size-full\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Office-word-macro-preference-1024x747.png\" alt=\"Macro Security\" width=\"1024\" height=\"747\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Office-word-macro-preference-1024x747.png 1024w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Office-word-macro-preference-1024x747-150x109.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Office-word-macro-preference-1024x747-300x219.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Office-word-macro-preference-1024x747-768x560.png 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Office-word-macro-preference-1024x747-657x479.png 657w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p>As long as the &#8220;Warn before opening a file that contains macros&#8221;\u00a0option is enabled, opening a file that contains macros (malicious or not) will trigger the following warning:<\/p>\n<p><img loading=\"lazy\" class=\"aligncenter wp-image-63994 size-full\" src=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/office-word-macro-warning-1024x389.png\" alt=\"Macros Warning \" width=\"1024\" height=\"389\" srcset=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/office-word-macro-warning-1024x389.png 1024w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/office-word-macro-warning-1024x389-150x57.png 150w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/office-word-macro-warning-1024x389-300x114.png 300w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/office-word-macro-warning-1024x389-768x292.png 768w, https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/office-word-macro-warning-1024x389-657x250.png 657w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/p>\n<p>Even if the document comes from a trusted source, ask whoever sent it\u00a0about the Macros it contains. Do they know the document has Macro&#8217;s? Do they know why? Unless you&#8217;re absolutely sure of the source, don&#8217;t open the document\u2014or at least disable Macros when the alert pops up.<\/p>\n<p>All this points out an important fact; no matter what operating system you have, security is no longer &#8220;nice to have,&#8221; but is a must-have tool in your arsenal.\u00a0Protecting yourself today can save you a world of headaches tomorrow. Of course, <a href=\"https:\/\/www.intego.com\/antivirus-mac-internet-security\">Intego VirusBarrier and NetBarrier<\/a>\u00a0have your back and will catch any known macro malware as soon as it attempts to get onto your Mac. And for even more ways to protect your Mac, check out these\u00a0<a href=\"https:\/\/www.intego.com\/mac-security-blog\/15-mac-hardening-security-tips-to-protect-your-privacy\/\" target=\"_blank\">15 Mac-hardening security tips<\/a>\u00a0from Intego to keep you safe, private and secure.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Macro malware has been around for a long time, and just like most malware, Mac users have largely been ignored. Macro malware became even less of a threat in 2008 when Microsoft removed macro support from their Mac Office products, but in 2011 macro support was back in the new Office 2011 version. Since then, [&hellip;]<\/p>\n","protected":false},"author":79,"featured_media":64531,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[190],"tags":[3379,3376,3439,3373],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"description\" content=\"Macro malware has been around for a long time, and just like most malware, Mac users have largely been ignored. Macro malware became even less of a threat\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Beware! Dangerous Macro Malware Ahead - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Macro malware has been around for a long time, and just like most malware, Mac users have largely been ignored. Macro malware became even less of a threat\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-03-28T19:53:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-04-10T15:26:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Danger-Macro-Malware-Ahead.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"400\" \/>\n\t<meta property=\"og:image:height\" content=\"260\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jay Vrijenhoek\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\",\"name\":\"Intego\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Danger-Macro-Malware-Ahead.jpeg\",\"contentUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Danger-Macro-Malware-Ahead.jpeg\",\"width\":400,\"height\":260,\"caption\":\"Dangerous Macro Malware Ahead\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#webpage\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/\",\"name\":\"Beware! Dangerous Macro Malware Ahead - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#primaryimage\"},\"datePublished\":\"2017-03-28T19:53:33+00:00\",\"dateModified\":\"2017-04-10T15:26:31+00:00\",\"description\":\"Macro malware has been around for a long time, and just like most malware, Mac users have largely been ignored. Macro malware became even less of a threat\",\"breadcrumb\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.intego.com\/mac-security-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Beware! Dangerous Macro Malware Ahead\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#webpage\"},\"author\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/0106660ab83668e429deecc051dfa8c0\"},\"headline\":\"Beware! Dangerous Macro Malware Ahead\",\"datePublished\":\"2017-03-28T19:53:33+00:00\",\"dateModified\":\"2017-04-10T15:26:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#webpage\"},\"wordCount\":958,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Danger-Macro-Malware-Ahead.jpeg\",\"keywords\":[\"EmPyre\",\"Macro Malware\",\"W97M\/Downloader\",\"W97M\/GDD.B\"],\"articleSection\":[\"Malware\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#respond\"]}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/0106660ab83668e429deecc051dfa8c0\",\"name\":\"Jay Vrijenhoek\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/www.intego.com\/mac-security-blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/8f43effd03d0bb31acff4b88613f0d4a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/8f43effd03d0bb31acff4b88613f0d4a?s=96&d=mm&r=g\",\"caption\":\"Jay Vrijenhoek\"},\"description\":\"Jay Vrijenhoek is an IT consultant with a passion for Mac security research.\",\"url\":\"https:\/\/www.intego.com\/mac-security-blog\/author\/jay-vrijenhoek\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"description":"Macro malware has been around for a long time, and just like most malware, Mac users have largely been ignored. Macro malware became even less of a threat","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/","og_locale":"en_US","og_type":"article","og_title":"Beware! Dangerous Macro Malware Ahead - The Mac Security Blog","og_description":"Macro malware has been around for a long time, and just like most malware, Mac users have largely been ignored. Macro malware became even less of a threat","og_url":"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/","og_site_name":"The Mac Security Blog","article_published_time":"2017-03-28T19:53:33+00:00","article_modified_time":"2017-04-10T15:26:31+00:00","og_image":[{"width":400,"height":260,"url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Danger-Macro-Malware-Ahead.jpeg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jay Vrijenhoek","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#logo"}},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#primaryimage","inLanguage":"en-US","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Danger-Macro-Malware-Ahead.jpeg","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Danger-Macro-Malware-Ahead.jpeg","width":400,"height":260,"caption":"Dangerous Macro Malware Ahead"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#webpage","url":"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/","name":"Beware! Dangerous Macro Malware Ahead - The Mac Security Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#primaryimage"},"datePublished":"2017-03-28T19:53:33+00:00","dateModified":"2017-04-10T15:26:31+00:00","description":"Macro malware has been around for a long time, and just like most malware, Mac users have largely been ignored. Macro malware became even less of a threat","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Beware! Dangerous Macro Malware Ahead"}]},{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#webpage"},"author":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/0106660ab83668e429deecc051dfa8c0"},"headline":"Beware! Dangerous Macro Malware Ahead","datePublished":"2017-03-28T19:53:33+00:00","dateModified":"2017-04-10T15:26:31+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#webpage"},"wordCount":958,"commentCount":0,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#primaryimage"},"thumbnailUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Danger-Macro-Malware-Ahead.jpeg","keywords":["EmPyre","Macro Malware","W97M\/Downloader","W97M\/GDD.B"],"articleSection":["Malware"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.intego.com\/mac-security-blog\/beware-dangerous-macro-malware-ahead\/#respond"]}]},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/0106660ab83668e429deecc051dfa8c0","name":"Jay Vrijenhoek","image":{"@type":"ImageObject","@id":"https:\/\/www.intego.com\/mac-security-blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/8f43effd03d0bb31acff4b88613f0d4a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/8f43effd03d0bb31acff4b88613f0d4a?s=96&d=mm&r=g","caption":"Jay Vrijenhoek"},"description":"Jay Vrijenhoek is an IT consultant with a passion for Mac security research.","url":"https:\/\/www.intego.com\/mac-security-blog\/author\/jay-vrijenhoek\/"}]}},"jetpack_featured_media_url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2017\/03\/Danger-Macro-Malware-Ahead.jpeg","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4VAYd-gDS","amp_enabled":true,"_links":{"self":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/63976"}],"collection":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/79"}],"replies":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=63976"}],"version-history":[{"count":37,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/63976\/revisions"}],"predecessor-version":[{"id":65143,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/63976\/revisions\/65143"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media\/64531"}],"wp:attachment":[{"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=63976"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=63976"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=63976"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}