Check Point, a security analysis firm, posted an alarming blog entry on Thursday about a new malicious macOS Trojan horse that appeared able to bypass Apple’s protections and could hijack and sniff all the traffic entering and leaving a Mac without a user’s knowledge. This would include SSL/TLS encrypted connections, because the malware installs a local digital certificate that overrides normal man-in-the-middle warnings and protections.
The malware, called OSX/Dok by Check Point, spreads via a phishing attack that Check Point says mostly targets European users. One message shown is in German, and the signature portion says it’s from the Swiss tax office. The email contains a ZIP file attachment that has to be saved and opened, after which an item inside it must be launched. It’s unclear from the description whether a user has to enter an administrative password, although based on the steps, this would seem likely. On execution, the malware performs various nefarious deeds, such as copying itself and running shell commands, as well as installing a startup item so it will launch at each reboot.