Malware researchers at Check Point have identified a new Mac malware dubbed DOK that affects Mac OS X. The DOK malware has zero detections on VirusTotal and is signed with a valid developer certificate (authenticated by Apple). The researchers state that this is the first major-scale malware to target macOS users. Once deployed and able to infect a macOS system, the malware gains administrative privileges and installs a new root certificate. That root certificate allows the malware to intercept all user communication, including SSL-encrypted traffic, by redirecting the victim's traffic through a malicious proxy server. The infection vector for this spyware is phishing mail that tricks users into opening weaponized .zip attachments. Once installed, DOK copies itself to the /Users/Shared/ folder and maintains persistence by adding itself as a "loginItem".
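The four observables named above (a payload dropped in /Users/Shared/, a login item for persistence, traffic redirected through a proxy, and an extra root certificate) are all things a Mac administrator can check from the command line. The triage helper below is an added example written for this post; it is not Check Point's tooling or anything from the original write-up. The parsing functions are pure and run against constructed sample output, so they can be exercised anywhere; `collect_live()` runs the real macOS commands (`osascript`, `networksetup -getautoproxyurl`, `security find-certificate -a -p`) only on Darwin. The suffix list, the login-item allowlist and the idea of diffing keychain certificates against a golden-image baseline are assumptions of this example, not details from the report.

```python
"""Host triage helper for the DOK indicators described in the post (added example).

Pure parsers work on captured or constructed text; collect_live() shells out to the
real macOS commands only when running on Darwin.
"""
import base64
import hashlib
import os
import platform
import re
import subprocess

SHARED_DIR = "/Users/Shared"
SYSTEM_KEYCHAIN = "/Library/Keychains/System.keychain"
# Suffixes treated as payload-like inside a shared folder (assumption; tune per fleet).
PAYLOAD_SUFFIXES = (".app", ".sh", ".command", ".pkg", ".dmg", ".zip", ".py")


def suspicious_shared_entries(entries):
    """entries: iterable of (name, is_executable). Flags app bundles, scripts,
    archives and anything carrying the executable bit; plain data files pass."""
    return [name for name, is_exec in entries
            if is_exec or name.lower().endswith(PAYLOAD_SUFFIXES)]


def parse_login_items(osascript_output):
    """osascript prints the login item names as one comma-separated line."""
    return [n.strip() for n in osascript_output.strip().split(",") if n.strip()]


def unexpected_login_items(items, allowlist):
    """Persistence check: any login item outside the fleet allowlist gets reviewed."""
    return [i for i in items if i not in allowlist]


def parse_autoproxy(networksetup_output):
    """Parses `networksetup -getautoproxyurl <service>` ("URL: ..." / "Enabled: Yes|No")."""
    url, enabled = "", False
    for line in networksetup_output.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "URL":
            url = value.strip()
        elif key.strip() == "Enabled":
            enabled = value.strip().lower() == "yes"
    return {"url": url, "enabled": enabled}


def proxy_finding(proxy):
    """An enabled PAC URL is the shape of 'redirect traffic through a proxy';
    one pointing at the local host is called out separately."""
    if not proxy["enabled"] or not proxy["url"]:
        return None
    local = re.search(r"//(127\.0\.0\.1|localhost|\[::1\])(?=[:/]|$)", proxy["url"]) is not None
    return ("local proxy" if local else "external proxy") + ": " + proxy["url"]


def cert_fingerprints(pem_text):
    """SHA-256 of each DER body in a PEM dump such as `security find-certificate -a -p`."""
    fps = set()
    for body in re.findall(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                           pem_text, re.S):
        der = base64.b64decode("".join(body.split()))
        fps.add(hashlib.sha256(der).hexdigest())
    return fps


def new_certs(pem_text, baseline_fingerprints):
    """Certificates present now but absent from a golden-image baseline."""
    return cert_fingerprints(pem_text) - set(baseline_fingerprints)


def collect_live(service="Wi-Fi", login_allowlist=()):
    """Runs the real commands on macOS and returns the findings; returns {} elsewhere."""
    if platform.system() != "Darwin":
        return {}

    def run(*cmd):
        return subprocess.run(cmd, capture_output=True, text=True).stdout

    entries = [(e.name, e.is_file() and os.access(e.path, os.X_OK))
               for e in os.scandir(SHARED_DIR)]
    items = parse_login_items(run(
        "osascript", "-e",
        'tell application "System Events" to get the name of every login item'))
    return {
        "shared": suspicious_shared_entries(entries),
        "login_items": unexpected_login_items(items, set(login_allowlist)),
        "proxy": proxy_finding(parse_autoproxy(run("networksetup", "-getautoproxyurl", service))),
        "certs": cert_fingerprints(run("security", "find-certificate", "-a", "-p", SYSTEM_KEYCHAIN)),
    }


# Constructed sample output (not captured from a real host).
SAMPLE_SHARED = [("notes.txt", False), ("Updater.app", False), ("helper", True)]
SAMPLE_LOGIN = "iTunesHelper, Dropbox, Updater"
SAMPLE_PROXY = "URL: http://127.0.0.1:8080/proxy.pac\nEnabled: Yes\n"
_BLOCK = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n"
SAMPLE_PEM_BASELINE = _BLOCK % "AAAA"          # placeholder DER bodies, not real certificates
SAMPLE_PEM_CURRENT = SAMPLE_PEM_BASELINE + _BLOCK % "////"

if __name__ == "__main__":
    print("shared:", suspicious_shared_entries(SAMPLE_SHARED))
    print("login:", unexpected_login_items(parse_login_items(SAMPLE_LOGIN), {"iTunesHelper", "Dropbox"}))
    print("proxy:", proxy_finding(parse_autoproxy(SAMPLE_PROXY)))
    print("new certs:", new_certs(SAMPLE_PEM_CURRENT, cert_fingerprints(SAMPLE_PEM_BASELINE)))
    print("live:", collect_live())
```

The keychain check deliberately compares fingerprints against a baseline rather than looking for one known bad certificate: the post does not give the certificate DOK installs, and a baseline diff catches any root that was not there on the golden image.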
Recommended actions:
Alert users on how to handle phishing and spam mail; users are advised not to open such attachments.