A newly discovered piece of malware targeting macOS is capable of intercepting all Internet activity on an infected machine, including sessions with secure sites carried over Hyper Text Transfer Protocol Secure (HTTPS). The malware has been dubbed OSX/Dok and was first identified by the security firm Check Point.
The New Malware Can Bypass Mac Protection
OSX/Dok affects all versions of macOS, old and new, and at the time of writing is not recognised by Mac antivirus software or by other spyware and virus removal tools. It gets past Mac security because it is signed with a legitimate developer certificate issued by Apple, so the system treats it as trusted software. Mac antivirus vendors have yet to update their signature databases to detect it, and Apple has been urged to revoke the developer certificate immediately.
How Does The Malware Work?
Dok works by obtaining administrator privileges so that it can install a new root certificate on the machine. Once the system trusts that certificate, the malware can insert itself between the Mac and the Internet and read or alter any connection, including those encrypted with Secure Sockets Layer (SSL) and its successor TLS: the browser accepts certificates signed by the attacker's root as genuine, so the padlock still appears.
Infection starts with an email claiming to report inconsistencies in the recipient's tax return and asking them to download a zip file attachment, which contains the malware. Gatekeeper, Apple's built-in protection on macOS, reportedly fails to block it because the malware carries a valid developer certificate.
Once run, the malware shows a fake security notice claiming that a system update is available and asking for the user's password. With that password it gains full control of the administrator account, alters the network settings to route all outgoing connections through a proxy, and silently installs additional tools that intercept HTTPS traffic.
With all of this installed and running continuously, the malware can see and modify all web browsing activity on the Mac, including data sent over encrypted connections that the user would reasonably assume to be protected. That gives the attacker the ability to steal login credentials for any site, including social media accounts and online banking details.
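The technique just described (a proxy pushed into the network settings plus a root certificate the user never installed) leaves two traces an administrator can look for. The following Python script is an added example written for this article, not code from Check Point or from the malware itself: it parses the text output of the macOS tools `scutil --proxy` and `security find-certificate -a /Library/Keychains/System.keychain`, and flags a proxy auto-config (PAC) URL, an explicit HTTP/HTTPS proxy, a proxy pointing at the loopback address, or any certificate whose label is not on an allow-list. The allow-list, the sample tool outputs and the labels "Example Corp Internal CA" and "Secure Server Root CA" are constructed for illustration; the script only invokes the real tools when run on macOS and otherwise analyses the constructed samples.

```python
"""Triage checks for the OSX/Dok-style proxy + root-certificate hijack.

Added example for this article (not Check Point's code). The parsers work on
the text output of two macOS tools, so they can also be run on output saved
from a suspect machine; the constructed samples below stand in for that.
"""
import re
import subprocess
import sys

# Assumption: labels an administrator expects in the System keychain (for
# example a corporate CA). On a stock Mac this allow-list may be empty.
EXPECTED_LABELS = {"Example Corp Internal CA"}  # hypothetical name

# Constructed sample of `scutil --proxy` on an infected machine: a PAC file
# served from a local port, so a local process gets to see every request.
SAMPLE_SCUTIL_INFECTED = """<dictionary> {
  ExceptionsList : <array> {
    0 : *.local
  }
  FTPPassive : 1
  HTTPEnable : 0
  HTTPSEnable : 0
  ProxyAutoConfigEnable : 1
  ProxyAutoConfigURLString : http://127.0.0.1:5555/proxy.pac
}
"""

# Constructed sample of `security find-certificate -a` output: the expected
# corporate CA plus an extra root the user never installed.
SAMPLE_SECURITY = """keychain: "/Library/Keychains/System.keychain"
class: 0x80001000
attributes:
    "alis"<blob>="Example Corp Internal CA"
    "labl"<blob>="Example Corp Internal CA"
keychain: "/Library/Keychains/System.keychain"
class: 0x80001000
attributes:
    "alis"<blob>="Secure Server Root CA"
    "labl"<blob>="Secure Server Root CA"
"""


def parse_scutil_proxy(text):
    """Map each `Key : value` line of `scutil --proxy` output into a dict."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\w+)\s*:\s*(.*?)\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def proxy_findings(settings):
    """Describe any proxy setting that would route traffic via a third party."""
    findings = []
    if settings.get("ProxyAutoConfigEnable") == "1":
        findings.append("PAC enabled: " + settings.get("ProxyAutoConfigURLString", "?"))
    for scheme in ("HTTP", "HTTPS"):
        if settings.get(scheme + "Enable") == "1":
            host = settings.get(scheme + "Proxy", "?")
            port = settings.get(scheme + "Port", "?")
            findings.append(f"{scheme} proxy: {host}:{port}")
    # A proxy or PAC on the loopback address means a process on this very
    # machine is interposing on the traffic, which is what OSX/Dok does.
    if any("127.0.0.1" in f or "localhost" in f for f in findings):
        findings.append("proxy points at loopback: local interception")
    return findings


def certificate_labels(text):
    """Return the "labl" attribute of every record in find-certificate output."""
    return re.findall(r'"labl"<blob>="([^"]*)"', text)


def unexpected_certificates(labels, expected=EXPECTED_LABELS):
    """Labels not on the allow-list; a human has to vouch for each of these."""
    return [label for label in labels if label not in expected]


def run(cmd):
    return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout


def main():
    if sys.platform != "darwin":
        print("Not macOS; showing results for the constructed samples instead.")
        scutil_out, security_out = SAMPLE_SCUTIL_INFECTED, SAMPLE_SECURITY
    else:
        scutil_out = run(["scutil", "--proxy"])
        security_out = run(["security", "find-certificate", "-a",
                            "/Library/Keychains/System.keychain"])
    for finding in proxy_findings(parse_scutil_proxy(scutil_out)):
        print("PROXY:", finding)
    for label in unexpected_certificates(certificate_labels(security_out)):
        print("CERT: unexpected certificate in System keychain:", repr(label))


if __name__ == "__main__":
    main()
```

A hit from either check is not proof of infection on its own (a corporate PAC or an internal CA is legitimate), but a PAC served from 127.0.0.1 together with a root certificate nobody can account for is exactly the pattern described above and should be treated as a compromised machine, not cleaned up in place.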
The Defensive Act
The best defense against OSX/Dok right now is not antivirus software: the malware is too new for current antivirus signatures to catch it. Not opening unexpected email attachments is a good start against this cleverly crafted but dangerous program, and anyone who has already typed their password into an unexpected "system update" prompt should check the Mac's proxy settings and its keychain for a root certificate they did not install. Apple is working to address the problem step by step.