OceanLotus Virus Targets Businesses and macOS Users

OceanLotus is being reported as a new virus in 2020, and you may never have heard of it unless you own or use an Apple macOS computer. However, this virus is not new; it first surfaced in 2013. Its core purpose was to attack construction companies, media outlets, and research companies. Now, in 2020, its main hacking target is Apple macOS systems.

How does this virus attack?

It is operated by a group of hackers who use a program referred to as a backdoor (identified as Backdoor.MacOS.OCEANLOTUS.F). Research analysts noted that its new structure is a much-improved version of its 2013 predecessor. Its behavior, now revamped to include domain names, has a debilitating effect on its victims.

  • The backdoor virus comes bundled in a ZIP archive, disguised with the Microsoft Word icon. To unsuspecting users, it resembles an MS Word document file, but once opened it quickly spreads.
  • A research group reported that special characters are attached to the app name, which the malware uses to prevent detection. The OceanLotus application files include a Word document and a shell script.
  • Hackers launched attacks through what’s dubbed the backdoor for this virus. Once it is executed, a second-stage payload is downloaded through the backdoor. That second-stage payload executes a third-stage payload, then erases itself. However, the danger remains: the third-stage payload, protected by custom encryption, stays active on victims’ computers and laptops.
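
The disguise described in the list above can be checked for before an archive is opened. The following is an added example, not code from the original article or from the researchers it mentions: it lists the app bundles inside a ZIP and flags any whose name carries non-printing characters or reads as a document. The extension list, the Unicode categories treated as hidden, and the sample archive are assumptions constructed for illustration; the article does not say which special characters were used.

```python
import io
import unicodedata
import zipfile

DOC_EXTS = (".doc", ".docx", ".pdf", ".rtf")  # assumed document-like extensions
HIDDEN = {"Cc", "Cf", "Mn", "Co", "Cn"}  # assumed: control, format, stray mark, private, unassigned

def split_name(name):
    """Return (visible text, hidden code points) after NFC normalization."""
    # macOS stores accents decomposed; NFC folds them back into letters.
    nfc = unicodedata.normalize("NFC", name)
    hidden = [f"U+{ord(c):04X}" for c in nfc if unicodedata.category(c) in HIDDEN]
    visible = "".join(c for c in nfc if unicodedata.category(c) not in HIDDEN)
    return visible, hidden

def bundle_roots(names):
    """Directory names that contain Contents/MacOS/, i.e. app bundles."""
    roots = []
    for path in names:
        parts = path.split("/")
        for i in range(len(parts) - 2):
            if parts[i + 1:i + 3] == ["Contents", "MacOS"] and parts[i] not in roots:
                roots.append(parts[i])
    return roots

def audit_zip(data):
    """Map each suspicious bundle name in a ZIP (bytes) to its reasons."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for root in bundle_roots(zf.namelist()):
            visible, hidden = split_name(root)
            reasons = []
            if hidden:
                reasons.append("non-printing characters: " + ", ".join(hidden))
            if visible.lower().endswith(DOC_EXTS):
                reasons.append("bundle name displays as a document")
            if reasons:
                findings[root] = reasons
    return findings

def sample_zip():
    """Constructed sample: one disguised bundle and one normal app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Report.\u200bdoc/Contents/MacOS/run.sh", "#!/bin/sh\n")
        zf.writestr("Notes.app/Contents/MacOS/Notes", "")
    return buf.getvalue()
```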

Recent OceanLotus hacking attacks

Several research agencies tracking this virus stated that it has been quite active for the better part of 2020. The latest study of OceanLotus (aka APT32) documented these two revelations.

  • Recently, OceanLotus hackers have used hacking strategies like watering holes and spear-phishing to target Vietnamese expatriates in Germany.
  • In the past year, OceanLotus (aka APT32) hackers created fake news websites, in addition to fake Facebook pages that use malicious software to launch virus attacks against unsuspecting victims.

How to prevent an attack?

The OceanLotus (aka APT32) virus now has more persistent capabilities than the malware released in 2013. Avoid an OceanLotus attack by following the protocols that virus-tracking groups recommend for macOS users and businesses. Do not open suspicious links, attachments, or emails; delete them quickly. Also, patch computers, laptops, and other application software.

As an online business, your best defense against dangerous viruses and malware is an ethical hacker. You should hire an ethical hacker who will defend you at all costs from criminal hackers.
