
Dok

Posted: May 3, 2019

Many users still believe that running OSX is enough to protect them from malware. Sadly, OSX is not as safe as people think it is, and there are many malware strains that run on this operating system. One of the more notable threats targeting OSX devices is Dok, a piece of malware that intercepts the user's network traffic by redirecting it through a proxy server controlled by the attacker. This lets its operators read the data the user transmits and carry out man-in-the-middle (MITM) attacks against the sites the user visits.

The propagation campaign for the Dok malware appears to be very active in Europe, and the attackers tailor the language of the lure to the region they target. One of the largest campaigns was aimed at German-speaking users, who received a bogus email about a problem with their taxes and were asked to download and review an attachment named 'Dokument.zip.' Opening the archive launched an application bundle called 'Truesteer.AppStore' while a decoy error message claimed that the file 'Dokument' could not be opened. The bundle copies itself to the '/Users/Shared/' directory and immediately deletes the original from the download location, so the file the victim opened is gone if they go looking for it.

Once the Dok malware is running, it displays a bogus window informing the user that OSX updates are pending and must be applied immediately to continue using the computer. The prompt is fake: it stays on top of all other windows, cannot be dismissed, and asks the user to confirm their admin permissions by entering the admin password. Doing so hands the attackers the administrator credentials.

With the admin password in hand, Dok grants the current user elevated rights and stops further password prompts from appearing, so that later privileged actions run without the victim noticing. It then installs additional software on the machine: Homebrew, Tor and socat. It also changes the system's network proxy settings so that the victim's traffic is routed through a server controlled by the attacker. This lets the perpetrators capture and review network data and gives them the chance to impersonate any website the user visits. Plain HTTP can be read and modified directly; impersonating HTTPS sites without browser warnings additionally requires that the victim's system trust a certificate the attacker controls, which the stolen admin credentials make possible to install.
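The artifacts described above (a user who is no longer asked for a password, a changed proxy configuration, a bundle staged in /Users/Shared, and Tor and socat installed via Homebrew) are all checkable from a shell. The script below is an added example written for this page, not code from the page or from any published Dok analysis. It assumes that the suppressed password prompt is implemented as a NOPASSWD rule in sudoers and that the proxy change is a proxy auto-config (PAC) URL as reported by `networksetup -getautoproxyurl`; both are the usual way to achieve those effects on macOS, but the page itself states only the effects. Each check takes its input as a file or directory path so it can be exercised on constructed samples; the live audit runs only on macOS.

```shell
#!/bin/sh
# Dok-style post-infection triage for a Mac (added example, not the page's
# own material). Each check reads from a path so the logic can be tested on
# constructed inputs; audit_live() feeds it real system data on macOS.

# Dok stops password prompts for privileged actions. Assumed here to be a
# NOPASSWD rule in sudoers. Prints active (uncommented) NOPASSWD rules,
# exits 1 if there are none.
nopasswd_rules() {
    grep -E '^[^#]*NOPASSWD' "$1"
}

# Assumed: the proxy redirect is a PAC URL. The file holds the output of
# `networksetup -getautoproxyurl <service>`, which is two lines,
# "URL: ..." and "Enabled: Yes|No". Prints the URL only if enabled.
enabled_pac_url() {
    url=$(sed -n 's/^URL: //p' "$1")
    enabled=$(sed -n 's/^Enabled: //p' "$1")
    [ "$enabled" = "Yes" ] || return 1
    printf '%s\n' "$url"
}

# A PAC served from loopback means a local process (socat or Tor in Dok's
# case) is fronting the attacker's proxy; that is far more suspicious than
# a corporate PAC hosted on an internal server.
is_loopback_url() {
    case "$1" in
        http://127.*|http://localhost:*|http://localhost/*|http://\[::1\]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Dok staged its bundle in /Users/Shared. Legitimate applications almost
# never live there, so any .app bundle under that directory is worth a look.
shared_app_bundles() {
    find "$1" -maxdepth 2 -type d -name '*.app' 2>/dev/null | grep .
}

# tor and socat binaries in a given bin directory (Homebrew installs there).
relay_tools_in() {
    found=1
    for t in tor socat; do
        if [ -x "$1/$t" ]; then printf '%s\n' "$1/$t"; found=0; fi
    done
    return $found
}

audit_live() {
    echo "== NOPASSWD sudo rules (run as root so /etc/sudoers is readable)"
    for f in /etc/sudoers /etc/sudoers.d/*; do
        if [ -r "$f" ]; then nopasswd_rules "$f" || true; fi
    done
    echo "== enabled proxy auto-config URLs"
    tmp=$(mktemp)
    oldifs=$IFS; IFS='
'
    # first line of -listallnetworkservices is a legend, hence tail -n +2
    for svc in $(networksetup -listallnetworkservices | tail -n +2); do
        networksetup -getautoproxyurl "$svc" > "$tmp" 2>/dev/null || continue
        url=$(enabled_pac_url "$tmp") || continue
        tag=""; is_loopback_url "$url" && tag=" (served from loopback)"
        echo "$svc: $url$tag"
    done
    IFS=$oldifs
    rm -f "$tmp"
    echo "== application bundles in /Users/Shared"
    shared_app_bundles /Users/Shared || echo "(none)"
    echo "== tor/socat binaries in Homebrew bin directories"
    for d in /usr/local/bin /opt/homebrew/bin; do relay_tools_in "$d" || true; done
}

# Only touch the live system on macOS; elsewhere the functions are just defined.
if [ "$(uname -s)" = Darwin ]; then audit_live; fi
```

Run it as root so /etc/sudoers can be read. A hit on any single check is not proof of Dok, but an enabled PAC URL pointing at loopback together with a fresh NOPASSWD rule for the logged-in user is exactly the combination this page describes and should be treated as a compromise until shown otherwise.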

The scariest thing about the Dok malware is that it produces no visible symptoms once installed, so victims may never realize that all of their online activity is being observed by cybercriminals. Protecting a Mac against threats like Dok requires a legitimate and regularly updated anti-malware solution, and any unexpected request for the admin password, especially from a window that cannot be closed, should be treated as a red flag rather than an update.
