OSX/Dok infects macOS

Researchers from Check Point Software Technologies have identified a new strain of malware, dubbed OSX/Dok, that is infecting macOS users. It has been found primarily in Europe and is spread mainly through phishing campaigns, using emails spoofed to appear as though they’re coming from official sources.

One example recently discovered by the research team appears to come from the Swiss Government, warning recipients that there were errors in their tax returns. Attached to this email is a file called “Dokument.zip.”

One of the intriguing things about the malware is that it’s digitally signed with a valid Apple developer’s certificate. These certificates are only issued to certified developers, and they’re important for two reasons: they’re required in order to publish apps in the official Mac App Store, and software signed with one can be installed without triggering the security errors that would normally require a manual override.

Just unzipping the file is all it takes

All it takes to install the malicious code is to unzip the file. Once it’s unzipped, the software modifies the infected computer’s network settings and reroutes web traffic through a proxy server located somewhere on the TOR network. A TOR client is installed automatically in the background when the file is unzipped.

From there, every move you make on the web is monitored, and your activity is reported in real time to whoever controls the software, allowing the hackers to steal a variety of personal data and logins.
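A defender-side check for the proxy change described above, as an added example that is not part of the original post: it parses the output of the macOS `scutil --proxy` command and reports every enabled proxy that is not on an allowlist. The sample output, the proxy addresses and the function names are constructed for illustration.

```python
import re

# Constructed sample of `scutil --proxy` output; not captured from an infected host.
SAMPLE_SCUTIL_PROXY = """\
<dictionary> {
  ExceptionsList : <array> {
    0 : *.local
    1 : 169.254/16
  }
  HTTPEnable : 0
  ProxyAutoConfigEnable : 1
  ProxyAutoConfigURLString : http://127.0.0.1:8080/example.pac
}
"""

# Proxy type -> (enable key, keys that hold the proxy target).
PROXY_KINDS = {
    "HTTP": ("HTTPEnable", ["HTTPProxy", "HTTPPort"]),
    "HTTPS": ("HTTPSEnable", ["HTTPSProxy", "HTTPSPort"]),
    "SOCKS": ("SOCKSEnable", ["SOCKSProxy", "SOCKSPort"]),
    "PAC": ("ProxyAutoConfigEnable", ["ProxyAutoConfigURLString"]),
}

def parse_scutil_proxy(text):
    """Return top-level 'Key : value' pairs, skipping nested array entries."""
    settings, depth = {}, 0
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.endswith("{"):
            depth += 1
        elif stripped == "}":
            depth -= 1
        elif depth == 1:
            match = re.match(r"(\w+)\s*:\s*(.*)$", stripped)
            if match:
                settings[match.group(1)] = match.group(2).strip()
    return settings

def unexpected_proxies(text, allowed=()):
    """List (kind, target) for each enabled proxy whose target is not allowlisted."""
    settings = parse_scutil_proxy(text)
    findings = []
    for kind, (enable_key, target_keys) in PROXY_KINDS.items():
        if settings.get(enable_key) != "1":
            continue
        target = ":".join(settings[k] for k in target_keys if k in settings)
        if target not in allowed:
            findings.append((kind, target))
    return findings
```

On a Mac, pass the captured output of `scutil --proxy` as `text` and list the proxies your organisation actually uses in `allowed`; any finding is a setting nobody on your side configured.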

What isn’t known at this time is whether the hackers provided false credentials and paid to get a developer’s certificate, or whether they stole one from an innocent third party. In either case, this new strain of malware is one of the most advanced security professionals have ever seen, and although Apple has patched its OS to nullify this threat, researchers warn that there may well be other strains of this code that remain undetected.


 


Denis S Wilson

I am President and Principal Consultant for DWP Information Architects, specializing in IT services and support for successful, fast-growth companies in Los Angeles. I have created cost-effective information technology solutions for small business for over 20 years, specializing in cybersecurity. I am also a published author and speaker, working extensively with the State of California, the Federal Bureau of Investigation (FBI), the Small Business Administration (SBA) and its partners, and business and professional associations, providing business technology education programs.
