• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • April 16th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News
Apple News

OSX/Dok malware hits Macs; bypasses Apple’ Gatekeeper

July 15th, 2017 Jahanzaib Hassan Security, Apple News, Cyber Crime, Malware 0 comments
OSX/Dok malware hits Macs; bypasses Apple’ Gatekeeper
Share on FacebookShare on Twitter

IT security researchers at Checkpoint recently discovered that a new malware has started to rise and is targeting Mac devices. The malware is considered quite powerful as it can bypass Apple’s gatekeeper and effectively steal users’ credentials.

Apple rushing to revoke compromised certificates

It is relatively rare to hear news about Mac devices getting compromised due to malware. It is usually Windows that gets infected.

Nevertheless, perhaps due to the increasing popularity of Apple devices, cybercriminals have started to shift their focus from Windows to Mac, making users realize that Mac is not as safe as it is believed to be.

According got a blog post by Checkpoint, one of the things that the researchers pointed out is that the creators of the malware are purchasing as many Apple certificates as they can.

This is because they attach the certificate with the malware so that it can bypass Apple’s gatekeeper, which is essential, the only thing keeping away malicious software from entering devices.

As soon as Apple was informed of this, it rushed to revoke the many certificates it believes have been compromised. However, new certificates are appearing on the scene at an ever-greater speed.

[irp posts=”54318″ name=”‘The Most Sophisticated Mac Ransomware’ Being Sold on Dark Web”]

How does the malware work?

The malware was first detected in May this year. However, at the time, all it did was steal credentials from websites and spied on network traffic. The new version, on the other hand, has many superior capabilities.

The malware mimics known banking websites in order to trick the users into entering their credentials. The scam begins by tricking the user into downloading infected files in spam emails.

As soon as the malware is installed, it disables all security protocols so that it is not detected and begins redirecting all the traffic from Apple servers to the local machine itself. Removal of the malware is difficult as it firmly embeds in the Apple system.

Subsequently, it connects to its command-and-control center through a TOR enabled connection and reads the IP address of the victim’s device. This allows it to tailor its infection accordingly. For instance, the malware will present fake websites of banks that are present in the specific location of the victim.

The malware not only prompts the user into entering his/her credentials as part of logging into the fake websites but also makes the user download a legitimate message app called Signal. Victims are asked for their phone numbers in order to get SMS authentication for this.

Why Signal?

Although the intended purpose of making users download the messaging app is unknown, researchers, however, believe that it might be used to conduct further fraudulent activities or perhaps allow the attacker to assess the success rate of the scam by monitoring the number of downloads.

In any case, the attacker can track all the communication of the victim through the malware.

Similarities with Retefe

Retefe was a Trojan that targeted Windows in the same way that OSX/Dok is targeting Mac. As such, researchers believe that Retefe has essentially been ported from Windows to Mac.

This is quite worrisome as researchers predict more of such malware being ported from Windows to Mac. Given that Mac lacks the required security protocols to prevent infections from such malware, it can be quite catastrophic for Mac users in the future.

Users might still be safe

Despite the powerful threat the malware poses to Mac users, it is still not much of a concern as the malware relies on a very basic form of social engineering to execute itself.

That is, the user needs to download the executable from a phishing email. As long as users are aware of spam emails from unknown addresses, infections can be limited.

[irp posts=”51212″ name=”10 Powerful But Not Yet Promoted Antivirus for PC, Mac, Android, iPhone”]


Sponsored: DDoS attacks are increasing, calculate the cost and probability of a DDoS attack on your business with this DDoS Downtime Cost Calculator.

  • Tags
  • Apple
  • internet
  • Mac
  • Malware
  • Privacy
  • security
  • Technology
Facebook Twitter LinkedIn Pinterest
Previous article Crooks Stealing Data From ATMs Using Infrared
Next article Gandi hosting' logins breached; 751 domains diverted to malware site
Jahanzaib Hassan

Jahanzaib Hassan

Related Posts
2021 and Emerging Cybersecurity Threats

2021 and Emerging Cybersecurity Threats

SolarWinds Hack - US officially Blames Russian Intel Agency Hackers

SolarWinds Hack - US officially Blames Russian Intel Agency Hackers

Unpatched MS Exchange servers hit by cryptojacking malware

Unpatched MS Exchange servers hit by cryptojacking malware

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
2021 and Emerging Cybersecurity Threats
Security

2021 and Emerging Cybersecurity Threats

SolarWinds Hack - US officially Blames Russian Intel Agency Hackers
Cyber Crime

SolarWinds Hack - US officially Blames Russian Intel Agency Hackers

ParkMobile parking app data breach - 21M user records stolen, sold
Hacking News

ParkMobile parking app data breach - 21M user records stolen, sold

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us