Mac users under attack again with a new OSX.Dok trojan variant.
Mac users have long assumed they are safe from malware, an assumption that some malicious code writers are happy to exploit. After last week's announcement of a newly discovered Mac trojan, OSX.Dok, a second variant has now been found. Unlike last week's version, which reroutes virtually all of the victim's web traffic through an attacker-controlled proxy, this one behaves differently. And unlike most of the attacks we hear about, it did not exploit a vulnerability in the system; it relied on the user being tricked into running it.
According to a report on last week’s trojan by Macworld, “Check Point, a security analysis firm, posted an alarming blog entry on Thursday about a new malicious macOS Trojan horse that appeared able to bypass Apple’s protections and could hijack and sniff all the traffic entering and leaving a Mac without a user’s knowledge. This would include SSL/TLS encrypted connections, because the malware installs a local digital certificate that overrides normal man-in-the-middle warnings and protections.”
Check Point had this to say about their discovery: “This new malware affects all versions of OSX, has 0 (zero) detections on VirusTotal (as of the writing of these words), is signed with a valid developer certificate (authenticated by Apple), and is the first major scale malware to target OSX users via a coordinated email phishing campaign…Once OSX/Dok infection is complete, the attackers gain complete access to all victim communication, including communication encrypted by SSL. This is done by redirecting victim traffic through a malicious proxy server.”
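The two artefacts the quoted analyses describe, a proxy setting that reroutes traffic and a root certificate trusted system-wide, both leave traces an administrator can look for. The following check is an added example written for this article; it is not code from the malware, from Check Point, or from Macworld. It assumes the proxy is applied through the macOS network settings that `networksetup` reports (a proxy autoconfig URL or a manual web proxy) and that the certificate was added with admin trust settings, which `security dump-trust-settings -d` lists as `Cert N: <label>` lines; the sample outputs embedded below are constructed, not captured from a real infection.

```shell
#!/bin/sh
# Added example: look for a proxy pushed into the system network settings and for
# root certificates given system-wide (admin) trust. Parsers take the command output
# as text so they can be exercised on any system; the live check only runs on macOS.

# Parse `networksetup -getautoproxyurl <service>` output; print the PAC URL if enabled.
autoproxy_url_if_enabled() {
    printf '%s\n' "$1" | awk '
        /^URL:/     { sub(/^URL: */, ""); url = $0 }
        /^Enabled:/ { enabled = $2 }
        END { if (enabled == "Yes" && url != "(null)" && url != "") print url }'
}

# Parse `networksetup -getwebproxy <service>` (or -getsecurewebproxy) output;
# print server:port if a manual proxy is enabled. The "Authenticated Proxy Enabled:"
# line does not match /^Enabled:/ so it is ignored.
manual_proxy_if_enabled() {
    printf '%s\n' "$1" | awk '
        /^Enabled:/ { enabled = $2 }
        /^Server:/  { server = $2 }
        /^Port:/    { port = $2 }
        END { if (enabled == "Yes" && server != "") print server ":" port }'
}

# Parse `security dump-trust-settings -d` output (assumed format: one "Cert N: <label>"
# line per certificate) and print the label of every certificate with admin trust
# settings. A Mac where nobody has added a trusted root prints nothing.
admin_trusted_cert_labels() {
    printf '%s\n' "$1" | sed -n 's/^Cert [0-9][0-9]*: //p'
}

# Live check: runs the real commands on macOS and warns on each suspicious finding.
run_live_check() {
    [ "$(uname)" = Darwin ] || { echo "not macOS; skipping live check" >&2; return 0; }
    # First line of -listallnetworkservices is a notice; a leading * marks a disabled service.
    networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' | while IFS= read -r svc; do
        pac=$(autoproxy_url_if_enabled "$(networksetup -getautoproxyurl "$svc")")
        [ -n "$pac" ] && echo "WARN: service '$svc' uses proxy autoconfig URL: $pac"
        web=$(manual_proxy_if_enabled "$(networksetup -getwebproxy "$svc")")
        [ -n "$web" ] && echo "WARN: service '$svc' uses manual HTTP proxy: $web"
        tls=$(manual_proxy_if_enabled "$(networksetup -getsecurewebproxy "$svc")")
        [ -n "$tls" ] && echo "WARN: service '$svc' uses manual HTTPS proxy: $tls"
    done
    labels=$(admin_trusted_cert_labels "$(security dump-trust-settings -d 2>/dev/null)")
    [ -n "$labels" ] && printf 'WARN: roots trusted system-wide by admin settings:\n%s\n' "$labels"
    return 0
}

# Constructed sample outputs (not from a real machine) so the parsers run anywhere.
SAMPLE_AUTOPROXY='URL: http://proxy.example.invalid/wpad.dat
Enabled: Yes'
SAMPLE_AUTOPROXY_OFF='URL: (null)
Enabled: No'
SAMPLE_WEBPROXY='Enabled: Yes
Server: 127.0.0.1
Port: 5555
Authenticated Proxy Enabled: 0'
SAMPLE_WEBPROXY_OFF='Enabled: No
Server:
Port: 0
Authenticated Proxy Enabled: 0'
SAMPLE_TRUST='Number of trusted certs = 1
Cert 0: Example Corp Root CA (constructed)
   Number of trust settings : 1
   Trust Setting 0:
      Policy OID            : SSL'

run_live_check
```

On a Mac the live check prints one WARN line per finding; an enabled autoconfig URL or manual proxy on a service that should have none, or any label at all under the trust-settings warning, deserves a closer look, since a legitimately managed machine normally gets these through an MDM profile rather than an ad hoc change.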
Basic phishing attack
Both variants of OSX.Dok appear to have spread through nothing more than a basic phishing email. Unlike the infamous Nigerian prince messages with their laughable stories and mangled grammar, though, these emails looked and read as far more credible. Users are being warned about messages that appear to come from tax authorities, law enforcement agencies, or other official-sounding bodies that invite trust while implying consequences. Security software that blocks these threats and prevents the installation will go a long way towards keeping them out, as Macworld found in two separate beta tests.