Apps: Security

The End of Innocence

The End of Innocence

And Tips to Keep your Apple devices safe.

For years, Windows users were the main target for malware writers, since Windows based systems got the larger chunk of the market. Mac users as a minority, have remained safe, and took no heed of warnings that the time of innocence would soon be over. The growing popularity of Mac devices is causing the malware for Macs to become a real threat these days. Security researchers at Check Point, have recently discovered the first “major scale” trojan for Apple’s desktop OS – OSX/Mac Dok.

The Mac Dok malware is spread through phishing emails. Such emails feature ZIP attachments, and trick users into downloading them. Once unzipped, installed and launched, the malware takes control over your system. Hence the nickname of it – trojan, like the Trojan Horse. You get a gift, but with a twist.

This is done to intercept your traffic and impersonate web-site. Like ticket selling sites or your bank on-line services. You might enter your credit card information, not knowing that the site is actually a fake one. Job done, the culprits can remove the malware from your system remotely and no one even knows it was ever there in the first place.

So, Survival Rule #1 goes: Never download ZIP files from untrusted sources. Period. The malware features a fake certificate in order to bypass Apple’s Gatekeeper verification, and gains full access to the device. The OSX/Mac Dok — affects all versions of OSX, has 0 detections on VirusTotal. Virus Total is the largest on-line list of viruses, trojans, malwares and adwares. Apple hasn’t issued a patch for this hole in the software yet, which is why it’s better to follow the proverb: Better safe than sorry.

The possible good news from this is that the malware mostly “doctors” European users. A user in Germany was baited with a message regarding alleged issues with the tax returns. The zipped archive was named Dokument.zip and signed on April 21th 2017 by a “Seven Muller”. The bundle name was Truesteer.AppStore. You got it? The criminals used the name of the trusted on-line store in order to lure the victim in.

What happens when you try to unzip the archive? The message pops up that the archive is damaged and cannot be executed. But, this is a lie. While you read this very message, the malware is being installed to the /Users/Shared/ folder. Then, it will go on and run the shell commands meant to replace the login item.

It’ll get stuck in the system and execute automatically every system reboot, until it finishes to install its payload. Then, a window opens on top of all the other windows. The message this window contains is innocent enough, it simply says, “You’ve got a security issue, and an update is available to patch it. Just put in your password, and you’ll be okay”. You can’t access other windows though, and you can’t close or minimize this one until you enter the password. The moment you do, the malware is given the administrator privileges on the infested machine.

What does mean for you? It means, the malware can install and run any software without you knowing it, let alone approving. OSX / Mac Dok then changes the network settings and route all outgoing connections through the malicious proxy server. The criminals can intercept all your actions online: banking, e-mailing, messaging, paying in online stores. They can impersonate you and hack protected sites and resources, as well.

To avoid all these troubles, please, follow the guide below:

  • Don’t open the attachments sent to you from unknown e-mail addresses. Never open them. Especially ZIP files. N-E-V-E-R. If you are emailed by some officially looking correspondent, i.e. tax office or your provider, check their official websites back to make sure the e-mail coincides. If you still have some doubts, contact them back and ask if they really send such e-mails.
  • If you’re sent a link from your pal, saying, “Oh, I’ve seen you in this picture, have a look, is it you?”, again check the friend back and ask if he or she really e-mailed you.
  • Do not download files from the sources other than iTunes and App Store.
  • Install the up-to-date antivirus software and turn on the anti-phishing add-on.

See also:

  • Sell your old and used device online for top dollar. Easy as one, two, three. We buy at best price. We have earned 5-star Customer Rating. Get cash fast. Sounds like the best deal: Sell old electronics online now!

The Locked Net. Photo: iGotOffer.com

Share
Published by
Steve

Recent Posts

Scams on WhatsApp: Cybercriminals Impersonate the Voices

Thousands of Scams on WhatsApp: They Impersonate the Voices of Your Parents and Best Friends,…

3 weeks ago

Credential Stuffing: Increasingly Devastating in France

Credential Stuffing: Increasingly Devastating in France This formidable technique explains the surge in cyberattacks in…

4 weeks ago

Users Report Hearing Strange Voices on Their iPhones

Mysterious Case: Users Report Hearing Strange Voices on Their iPhones Affected phones may have privacy…

1 month ago

Xiaomi Announced Poco C75 Mid-range Smartphone

Xiaomi Announced Poco C75 Mid-range Smartphone The Poco C75 is a newly announced mid-range smartphone…

1 month ago

Meta Tests to Implement Facial Recognition Technology

Meta Conducts Tests to Implement Facial Recognition Technology Meta, the company behind social media platforms…

2 months ago

The Best Apple Intelligence Features in iOS 18.1

The 5 Best Apple Intelligence Features You Can Try in iOS 18.1: Experience Apple Intelligence…

3 months ago