A New Mac Malware Could Nastily Take Over Your Computer
A newly detected malware targeted at MacOS devices is competent of intercepting all the internet activity on an infected device. This hijacking includes usage on secure sites and spying on HTTPS traffic. This new malware is dubbed as OSX/Dok and was first identified by the security firm Check Point.
The New Malware Can Bypass Mac Protection
The OSX/Dok malware is capable of affecting all the versions of MacOS and has yet to be recognized by Mac virus protection software. The new malware has been able to bypass Mac protection because it uses signed with a valid developer certificate authenticated by Apple itself. As of now, Mac antivirus programs have yet to refresh their databases to detect the DOK malware and advises Apple to revoke the developer certificate immediately.
How Does The Malware Works?
According to MacRumors, Dok malware works by obtaining administration privileges to install a new root certificate on the system of an Apple MacOS device. This enables the malware to gain access to all connections between the host of the Mac gadget and the internet. The effect of this includes traffic flowing through the connections encrypted with Secure Sockets Layer (SSL).
The first email that the owner will receive pretends to be the information about the inconsistencies in their tax return. Then, it will ask to download a zip file attachment which hides the malware. Gatekeeper, Apple's built-in security on MaxOS gadgets feature reportedly fails to recognize the malware because of its valid developer certificate.
After that, the malware presents a security message to the users which claim for a system update, which will require a password input. Then, the malware gets the complete control just like the admin account in order to adjust the network settings to redirect all outgoing connections through a proxy. It will also automatically install additional tools that allow it to perform an attack on all HTTPS traffic.
With all that established, the malware now can see and modify all the web browsing behavior of the Apple MacOS device. According to BGR, this includes any data sent over encrypted links that should be secure all the time. With that kind of ability, the attacker can steal any people’s login information for every site, including social media accounts and online banking details.
The best defense here isn’t antivirus software. The new malware Dok is a strong and fast enough to be treated with an antivirus application. Not opening any attachments from anyone could be a good start to prevent this new malware. Surely, Apple is moving their heads now to solve the problems facing by their customers.
iOS 11 Plagued with Untested Bugs and Early Adoption Pitfalls
Reports of nagging iOS 11 issues have started pouring in just a day after the software was released by Apple on supported devices.
iPhone 8 Outperforms iPhone X in Early Geekbench Tests [Photos]
Quite surprisingly, the iPhone 8 beats the iPhone X in both Single Core and Multi-Core Geekbench tests.
iOS 11 Release Time for Various Time Zones Across the Globe
Check out the complete list of time zones for iOS 11 release time across the globe.
iPhone X Demand May Outlast Supply Until Mid-2018, says KGI Securities Analyst
KGI Securities Analyst, Ming-Chi Kuo, predicts serious demand vs. supply constraints for the iPhone X until Mid-2018.
Five iPhone X Secret Features You May Not Know About
Check out the five iPhone X features that Apple has discreetly hidden from you at launch.
MORE IN ITECHPOST
Beyond Queen's Stomp-Stomp-Clap: Concerts and Computer Science Converge in New Research
The iconic "stomp-stomp-clap" of Queen's "We Will Rock You" was born out of the challenge that rock stars and professors alike know all too well: How to get large numbers of people engaged in participating during a live performance like a concert -- or a lecture -- and channel that energy for a sustained time period.
Using Waves to Move Droplets
Self-cleaning surfaces and laboratories on a chip become even more efficient if we are able to control individual droplets. University of Groningen professor Patrick Onck, together with colleagues from the Eindhoven University of Technology, has shown that this is possible by using a technique named mechanowetting.