For years, Windows users were the main target for malware writers, since Windows based systems got the larger chunk of the market. Mac users as a minority, have remained safe, and took no heed of warnings that the time of innocence would soon be over. The growing popularity of Mac devices is causing the malware for Macs to become a real threat these days. Security researchers at Check Point, have recently discovered the first “major scale” trojan for Apple’s desktop OS – OSX/Mac Dok.
The Mac Dok malware is spread through phishing emails. Such emails feature ZIP attachments, and trick users into downloading them. Once unzipped, installed and launched, the malware takes control over your system. Hence the nickname of it – trojan, like the Trojan Horse. You get a gift, but with a twist.
This is done to intercept your traffic and impersonate web-site. Like ticket selling sites or your bank on-line services. You might enter your credit card information, not knowing that the site is actually a fake one. Job done, the culprits can remove the malware from your system remotely and no one even knows it was ever there in the first place.
So, Survival Rule #1 goes: Never download ZIP files from untrusted sources. Period. The malware features a fake certificate in order to bypass Apple’s Gatekeeper verification, and gains full access to the device. The OSX/Mac Dok — affects all versions of OSX, has 0 detections on VirusTotal. Virus Total is the largest on-line list of viruses, trojans, malwares and adwares. Apple hasn’t issued a patch for this hole in the software yet, which is why it’s better to follow the proverb: Better safe than sorry.
The possible good news from this is that the malware mostly “doctors” European users. A user in Germany was baited with a message regarding alleged issues with the tax returns. The zipped archive was named Dokument.zip and signed on April 21th 2017 by a “Seven Muller”. The bundle name was Truesteer.AppStore. You got it? The criminals used the name of the trusted on-line store in order to lure the victim in.
What happens when you try to unzip the archive? The message pops up that the archive is damaged and cannot be executed. But, this is a lie. While you read this very message, the malware is being installed to the /Users/Shared/ folder. Then, it will go on and run the shell commands meant to replace the login item.
It’ll get stuck in the system and execute automatically every system reboot, until it finishes to install its payload. Then, a window opens on top of all the other windows. The message this window contains is innocent enough, it simply says, “You’ve got a security issue, and an update is available to patch it. Just put in your password, and you’ll be okay”. You can’t access other windows though, and you can’t close or minimize this one until you enter the password. The moment you do, the malware is given the administrator privileges on the infested machine.
What does mean for you? It means, the malware can install and run any software without you knowing it, let alone approving. OSX / Mac Dok then changes the network settings and route all outgoing connections through the malicious proxy server. The criminals can intercept all your actions online: banking, e-mailing, messaging, paying in online stores. They can impersonate you and hack protected sites and resources, as well.
To avoid all these troubles, please, follow the guide below:
See also:
Apple is reportedly enhancing the iPhone SE 4, potentially phasing out the home button in…
Will Qualcomm Be Able to Replicate Apple's Success and Transform the PC Market? Snapdragon X…
Apple has explained why you shouldn't put your iPhone into a bowl of rice if…
Apple is finally set to fix the biggest flaw in the iPhone's camera The images…
Windows 11 Has Just Launched Its Latest Significant Update, Moment 5, as Part of April's…
Artificial Intelligence For All on iPhones: Hidden Or Not? Apple has remained relatively silent about…