Can a mac be infected by a microsoft trojan?

My friend owns a Mac with Microsoft Office installed and executed (with macros enabled) a trojan horse, AFAIK a W97M/Downloader variant. By fetching some information from the wild, that trojan usually tries to install some executable and/or script file specifically crafted for a Windows OS.

My questions are:

  1. is it correct to assume that this kind of threat is mitigated by being run on a Mac OS?
  2. Is it enough to say him to just remove the doc file?
  3. Any suggenstion for handling this kind of malware?

I'd like to avoid installing a malware removal tool as I have absolutely no experience and I'm fearing of worsening the situation.


It seems that this particular trojan horse works by downloading and then executing an .exe file. Those files are not executable on macOS (in general), and thus wouldn't work.

However, if you copy the .exe file to a Windows computer, open it from Bootcamp on your computer or copy it to a virtual machine running Windows on your computer - then you could potentially execute it and get infected.

Note that there is a (slight) risk that the .doc file you've received was specifically tailored for macOS. I haven't heard of such a variant of the W97M/Downloader, so it is probably not the case.

I would advise removing the .doc and the .exe (and other files downloaded) - and then running a full virus scan. If you have backups of the machine, I would also advise comparing your current hard drive contents with the contents of the backup to detect any other alterations that might have been done.

The best advise regarding these types of malware that comes through email is simply to never open attachments in emails, unless you have verified that the email was sent by someone you know.


There is no general answer to this. If it uses windows specific code, it will likely fail at some point without doing harm. However, it could still do harm within the possibillities of the scripting language. This is why you should never open files with embedded macros if you don't know they are save. In your current situation I don't think the Mac is really infected but would still run a scan with Malwarebytes to be sure. You can also configure Microsoft Office to never execute macros instead of asking the user. That should help if your friend always clicks before he thinks.


Make sure everything is updated to the latest version, macos & Microsoft. If you want to co late with a backup, do so before all the updating. Next you turn on macos firewall in preferences and select the only signed applications options. If notice requests from the strange new files you can investigate it further and disable its access. Exploits and vulnerabilities for macos exist.. and almost always these things are documented and patched within the latest updates and malware scanners ect add them to their list. There are online resources tracking these exploits available, for ex. macos exploit DB