The End of Innocence
And Tips to Keep your Apple devices safe.
For years, Windows users were the main target for malware writers as Windows based systems got the larger chunk of the market. Mac users, as a minority, have remained safe and took no heed of warnings that the time of innocence would soon be gone and over. They have, until now, but never more. The growing popularity of Mac devices plays a bad joke on users. The malware for Mac is becoming a real threat these days. Security researchers at Check Point have recently discovered the first “major scale” trojan for Apple’s desktop OS – OSX/Mac Dok.
The Mac Dok malware is spread through phishing emails. Such emails feature ZIP attachments and trick users into downloading them. Once unzipped, installed and launched, the malware grips the control over your system. Hence the nickname of it – trojan, like the Trojan Horse. You get a gift with a twist.
This is done to intercept your traffic and impersonate web-site. Like tickets selling sites or your bank on-line service. You can put down your credit card credentials not knowing that the site is a faked one. Job done, the culprits can remove the malware from your system remotely and no one’s none the wiser.
So, the Survival Rule #1 goes: Never download ZIP files from untrusted sources. Period. The malware features a fake certificate to bypass Apple’s Gatekeeper verification and gains full access to the device. The OSX/Mac Dok — affects all versions of OSX, has 0 detections on VirusTotal. Virus Total is the largest on-line list of viruses, trojans, malwares and adwares. Apple hasn’t issued a patch for this hole in the software, that’s why it’s better to follow the proverb: Better safe than sorry.
Good news: the malware mostly “doctors” European users. A user in Germany was baited with a message regarding alleged issues with the tax returns. The zipped archive was named Dokument.zip and signed on April 21th 2017 by a “Seven Muller”. The bundle name was Truesteer.AppStore. You got it? The criminals used the name of the trusted on-line store to lure the victim.
What happens when you try to unzip the archive? The message pops up that the archive is damaged and cannot be executed. But this is a lie. While you read this very message the malware is being installed to the /Users/Shared/ folder. Then it will go on and run the shell commands meant to replace the loginItem.
It’ll get stuck in the system and execute automatically every system reboot, until it finishes to install its payload. Then a window opens on top of all other windows. The message this window contains is innocent enough. It says, you’ve got a security issue and an update is available to patch it. Just put in your password and you’ll be OK, the malicious window insists. You can’t access other windows and you can’t close or minimize this one until you enter the password. The moment you do, the malware is given the administrator privileges on the infested machine.
What it means for you? It means, the malware can install and run any software without you knowing it, let alone approving. OSX / Mac Dok then changes the network settings and route all outgoing connections through the malicious proxy server. The criminals can intercept all your actions online: banking, e-mailing, messaging, paying in online stores. They can impersonate you and hack protected sites and resources.
To avoid all these troubles, please, follow the guide below:
- Don’t open the attachments sent to you from unknown e-mail addresses. Never open them. Especially ZIP files. N-E-V-E-R. If you are emailed by some officially looking correspondent, i.e. tax office or your provider, check their official websites back to make sure the e-mail coincides. If you still have some doubts, contact them back and ask if they really send such e-mails.
- If you’re sent a link from your pal, saying, “Oh, I’ve seen you in this picture, have a look, is it you?”, again check the friend back and ask if he or she really e-mailed you.
- Do not download files from the sources other than iTunes and App Store.
- Install the up-to-date antivirus software and turn on the anti-phishing add-on.
- Sell your old and used device online for top dollar. Easy as one, two, three. We buy at best price. We have earned 5-star Customer Rating. Get cash fast. Sounds like the best deal: Sell old electronics online now!