{"id":5863,"date":"2017-05-02T17:54:31","date_gmt":"2017-05-02T17:54:31","guid":{"rendered":"https:\/\/igotoffer.com\/blog\/?p=5863"},"modified":"2018-01-29T21:36:25","modified_gmt":"2018-01-29T21:36:25","slug":"end-of-innocence","status":"publish","type":"post","link":"https:\/\/igotoffer.com\/blog\/end-of-innocence","title":{"rendered":"The End of Innocence"},"content":{"rendered":"

The End of Innocence<\/strong><\/h2>\n

And Tips to Keep your Apple devices safe.<\/h3>\n

For years, Windows users were the main target for malware writers, since Windows based systems got the larger chunk of the market. Mac users as a minority, have remained safe, and took no heed of warnings that the time of innocence would soon be over. The growing popularity of Mac devices is causing the malware for Macs to become a real threat these days. Security researchers at Check Point, have recently discovered the first \u201cmajor scale\u201d trojan for Apple\u2019s desktop OS \u2013 OSX\/Mac Dok.<\/p>\n

The Mac Dok malware is spread through phishing emails. Such emails feature ZIP attachments, and trick users into downloading them. Once unzipped, installed and launched, the malware takes control over your system. Hence the nickname of it \u2013 trojan, like the Trojan Horse. You get a gift, but with a twist.<\/p>\n

This is done to intercept your traffic and impersonate web-site. Like ticket selling sites or your bank on-line services. You might enter your credit card information, not knowing that the site is actually a fake one. Job done, the culprits can remove the malware from your system remotely and no one even knows it was ever there in the first place.<\/p>\n

So, Survival Rule #1 goes: Never download ZIP files from untrusted sources. Period. The malware features a fake certificate in order to bypass Apple\u2019s Gatekeeper verification, and gains full access to the device. The OSX\/Mac Dok \u2014 affects all versions of OSX, has 0 detections on VirusTotal. Virus Total is the largest on-line list of viruses, trojans, malwares and adwares. Apple hasn\u2019t issued a patch for this hole in the software yet, which is why it\u2019s better to follow the proverb: Better safe than sorry.<\/p>\n

The possible good news from this is that the malware mostly \u201cdoctors\u201d European users. A user in Germany was baited with a message regarding alleged issues with the tax returns. The zipped archive was named Dokument.zip and signed on April 21th 2017 by a \u201cSeven Muller\u201d. The bundle name was Truesteer.AppStore. You got it? The criminals used the name of the trusted on-line store in order to lure the victim in.<\/p>\n

What happens when you try to unzip the archive? The message pops up that the archive is damaged and cannot be executed. But, this is a lie. While you read this very message, the malware is being installed to the \/Users\/Shared\/ folder. Then, it will go on and run the shell commands meant to replace the login item.<\/p>\n

It\u2019ll get stuck in the system and execute automatically every system reboot, until it finishes to install its payload. Then, a window opens on top of all the other windows. The message this window contains is innocent enough, it simply says, \u201cYou\u2019ve got a security issue, and an update is available to patch it. Just put in your password, and you\u2019ll be okay\u201d. You can\u2019t access other windows though, and you can\u2019t close or minimize this one until you enter the password. The moment you do, the malware is given the administrator privileges on the infested machine.<\/p>\n

What does mean for you? It means, the malware can install and run any software without you knowing it, let alone approving. OSX \/ Mac Dok then changes the network settings and route all outgoing connections through the malicious proxy server. The criminals can intercept all your actions online: banking, e-mailing, messaging, paying in online stores. They can impersonate you and hack protected sites and resources, as well.<\/p>\n

To avoid all these troubles, please, follow the guide below:<\/p>\n