A newly detected malware strain targeting macOS devices is capable of intercepting all internet activity on an infected device, including activity on secure sites and HTTPS traffic. The new malware is dubbed OSX/Dok and was first identified by the security firm Check Point.
The New Malware Can Bypass Mac Protection
The OSX/Dok malware is capable of affecting all versions of macOS and has yet to be recognized by Mac antivirus software. It bypasses Mac protection because it is signed with a valid developer certificate authenticated by Apple itself. As of now, Mac antivirus programs have yet to update their databases to detect Dok, and the researchers advise Apple to revoke the developer certificate immediately.
How Does the Malware Work?
According to MacRumors, Dok works by obtaining administrator privileges and installing a new root certificate on the macOS device. This gives the malware access to all connections between the Mac and the internet, including traffic encrypted with Secure Sockets Layer (SSL).
The attack begins with an email that claims to contain information about inconsistencies in the recipient's tax return and asks them to download a zip attachment that hides the malware. Gatekeeper, Apple's built-in security feature on macOS, reportedly fails to flag the malware because of its valid developer certificate.
After that, the malware presents a security message claiming that a system update is available and asking for the user's password. With that, the malware gains the same control as the administrator account and adjusts the network settings so that all outgoing connections are redirected through a proxy. It also automatically installs additional tools that let it perform a man-in-the-middle attack on all HTTPS traffic.
With all that in place, the malware can see and modify all web browsing activity on the macOS device. According to BGR, this includes any data sent over encrypted links that should be secure. With that ability, the attacker can steal login credentials for every site, including social media accounts and online banking details.
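A defender-side check for the two host changes described above, as an added example (not Check Point's or Apple's code): it parses the output of macOS's `networksetup -getautoproxyurl`, `-getwebproxy` and `-getsecurewebproxy` and of `security find-certificate -a -p /Library/Keychains/System.keychain`, flagging any enabled proxy and any system root certificate whose fingerprint is missing from a known-good baseline. The sample command output and the PEM blocks are constructed (the PEM bodies are not real certificates), so the script runs offline.

```python
"""Audit for the host changes described above: a forced proxy and an extra
trusted root certificate. Added example, not Check Point's or Apple's code;
constructed samples of the macOS command output are embedded so it runs
offline."""
import base64, hashlib, re

def parse_kv(text):
    """Turn networksetup's 'Key: value' lines into a dict."""
    out = {}
    for line in text.splitlines():
        if ":" in line:
            key, value = line.split(":", 1)
            out[key.strip()] = value.strip()
    return out

def proxy_findings(autoproxy_text, webproxy_text, secureproxy_text):
    """List every proxy that is switched on (PAC, HTTP, HTTPS)."""
    findings = []
    auto = parse_kv(autoproxy_text)
    if auto.get("Enabled") == "Yes":
        findings.append("auto proxy (PAC) enabled: " + auto.get("URL", "?"))
    for name, text in (("HTTP", webproxy_text), ("HTTPS", secureproxy_text)):
        proxy = parse_kv(text)
        if proxy.get("Enabled") == "Yes":
            findings.append(f"{name} proxy enabled: {proxy.get('Server')}:{proxy.get('Port')}")
    return findings

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def cert_fingerprints(pem_text):
    """SHA-256 fingerprint of each certificate body in a PEM dump."""
    bodies = PEM_RE.findall(pem_text)
    return [hashlib.sha256(base64.b64decode("".join(b.split()))).hexdigest() for b in bodies]

def unexpected_roots(pem_text, baseline):
    """Fingerprints in the keychain dump that are not in the known-good baseline."""
    return [fp for fp in cert_fingerprints(pem_text) if fp not in baseline]

def fake_pem(raw):
    """Wrap bytes as a PEM block: a constructed stand-in, not a real certificate."""
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

# Constructed samples: PAC off, HTTP proxy off, HTTPS proxy forced to a local
# port, and a keychain dump holding the one baseline cert plus one extra.
AUTO_OK = "URL: (null)\nEnabled: No\n"
WEB_OK = "Enabled: No\nServer: \nPort: 0\nAuthenticated Proxy Enabled: 0\n"
SECURE_BAD = "Enabled: Yes\nServer: 127.0.0.1\nPort: 5555\nAuthenticated Proxy Enabled: 0\n"
BASELINE = set(cert_fingerprints(fake_pem(b"known-good-root")))
SAMPLE_PEM = fake_pem(b"known-good-root") + fake_pem(b"unknown-root")
```

On a real Mac, feed the functions the live output of the commands named in the lead-in and build `BASELINE` from a clean machine's keychain dump.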
The best defense here isn't antivirus software: Dok is currently too new and fast-moving for antivirus applications to handle. Not opening attachments from anyone could be a good start in preventing this malware. Apple is presumably working to solve the problem facing its customers.