Dok OS X Malware Evades Gatekeeper Protection And Hijacks Apple Macs

It seems like a day doesn't go by that we don't hear about some piece of malware that's harassing computer users. In 2017, you would expect that most people would be hesitant to download and extract random, rogue zip files, but sadly, that's not the case. There's a reason these pieces of malware still exist -- just like with spam email, a small percentage of users ultimately fall for it.

With the latest piece of malware to hit the Mac, users who are careless enough to open attachments from people they don't know are the prime targets for this exploit and infection.


OSX/Dok is malware that targets - you guessed it - OS X. The downside is that it allegedly affects all versions of OS X, so unless you're still rocking an LC II, your Mac is going to be at risk. The downside doesn't stop there, however; not even OS X's Gatekeeper security feature can block Dok from being executed.

It gets better (or worse, more accurately): VirusTotal, the site many people use to scan a suspicious file against a battery of antivirus engines, does not currently flag Dok at all. And Dok's coup de grâce? It's signed with a valid Apple developer certificate, which is exactly what Gatekeeper's default policy is configured to trust. How do you like them apples?
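The article's point is that a valid developer signature is enough to satisfy Gatekeeper, so "it is signed" tells a user nothing about who signed it. The script below is an added example (not from the article or from Check Point's analysis) of the check Gatekeeper does not perform: it reads the chain that `codesign -dvv` reports, classifies the signer, and compares the Team ID against a local allowlist. The allowlisted Team IDs, the bundle path and the sample `codesign` output are constructed for the example; the `Authority=` and `TeamIdentifier=` lines follow the real `codesign` output format.

```shell
#!/bin/sh
# Added example: classify an app's code-signing chain the way Gatekeeper
# sees it, then apply an allowlist of signers that Gatekeeper does not.
# Gatekeeper's default ("App Store and identified developers") admits any
# app carrying a valid Developer ID signature, whoever the developer is.

# Team IDs this organisation expects to see (constructed placeholders).
ALLOWED_TEAM_IDS="ALLOW12345 ALLOW67890"

# Read `codesign -dvv <bundle> 2>&1` output on stdin and print one verdict:
#   unsigned | appstore | developer-id:<TEAMID> | other
classify_signature() {
  out=$(cat)
  if printf '%s\n' "$out" | grep -q 'code object is not signed'; then
    echo unsigned; return 0
  fi
  # Mac App Store builds are signed by Apple itself, not by the developer.
  if printf '%s\n' "$out" | grep -q '^Authority=Apple Mac OS Application Signing'; then
    echo appstore; return 0
  fi
  team=$(printf '%s\n' "$out" | sed -n 's/^TeamIdentifier=//p' | head -n 1)
  if printf '%s\n' "$out" | grep -q '^Authority=Developer ID Application:'; then
    echo "developer-id:${team:-unknown}"; return 0
  fi
  echo other
}

# Accept App Store apps and allowlisted Developer IDs only; a valid but
# unknown Developer ID (the Dok situation) is rejected here even though
# Gatekeeper would let it run.
signer_allowed() {
  case "$1" in
    appstore) return 0 ;;
    developer-id:*)
      team=${1#developer-id:}
      for t in $ALLOWED_TEAM_IDS; do
        [ "$t" = "$team" ] && return 0
      done
      return 1 ;;
    *) return 1 ;;
  esac
}

# On a Mac: inspect a real bundle. codesign writes its report to stderr.
check_app() {
  verdict=$(codesign -dvv "$1" 2>&1 | classify_signature)
  if signer_allowed "$verdict"; then
    echo "$1: $verdict (allowed)"
  else
    echo "$1: $verdict (NOT on allowlist)"
  fi
}

# Constructed sample report: a validly signed app from a vendor nobody in
# this organisation has approved. Gatekeeper would pass it; we do not.
SAMPLE_UNKNOWN_DEV='Executable=/tmp/Example.app/Contents/MacOS/Example
Identifier=com.example.unknownvendor
Format=app bundle with Mach-O thin (x86_64)
Authority=Developer ID Application: Unknown Vendor (ZZZZ99999)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ZZZZ99999'

# Stand-alone demo over the constructed sample (no codesign needed).
demo() {
  verdict=$(printf '%s\n' "$SAMPLE_UNKNOWN_DEV" | classify_signature)
  if signer_allowed "$verdict"; then
    echo "sample: $verdict (allowed)"
  else
    echo "sample: $verdict (NOT on allowlist)"
  fi
}
demo
```

On a Mac, `check_app /Applications/Foo.app` runs the same logic against a real bundle; `spctl --assess --type execute -vv /Applications/Foo.app` shows Gatekeeper's own verdict alongside it, which for a Developer ID-signed sample will be "accepted" regardless of the allowlist result.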


If someone ends up installing the Dok malware, it can position itself as a man-in-the-middle and intercept your computer's internet traffic, even over secure HTTPS connections. The severity of this can't be overstated, because it means that nothing you do online would be truly private. That gets downright scary if you think about all of the banking that is done online.

At this point, it looks like Apple has finally put the proper blocks in place to prevent Dok from being installed, but this debacle is proof that having various layers of security doesn't mean we have the best protection. When a piece of malware of this nature can bypass numerous security measures, it should act as a real eye-opener. Fortunately, in this case, anyone smart enough not to download an unknown attachment would have been safe, but that's certainly not going to be the case for everyone, as many of you more tech-savvy readers are all too aware.

Via: Check Point