New Mac Malware Hijacks Internet Traffic

Ever since the Mac was created, the platform was considered so safe and secure that its users never really had a reason to become familiar with malware. Some would even say that the words ‘Mac’ and ‘malware’ didn’t belong in the same sentence. That changed in the last several months.

Lately, malware has found ways past the Mac’s defenses, and the latest confirmed attack is called Dok. Dok’s aim is to gain administrator privileges as soon as it possibly can, and it does this with nag screens. For now, and for reasons that are not known, Dok is only targeting European Mac users.

Like most of its kind, it spreads via spam emails, all of them built around fake tax reports. Curiously, most of the emails are written in German, yet most recipients still open the attachments, since emails mentioning words like ‘taxes’ usually don’t get ignored.

Once Dok is downloaded, a fake OS X screen appears and offers a new update. If the user accepts the ‘update’, the malware is installed and gains administrative privileges. It then hijacks the machine’s encrypted web traffic and reroutes it through Tor so that it passes through several malicious proxies. That is not the end of it: the compromised Mac also receives a login item named AppStore. This fake app lets Dok carry on with its work even after a reboot.

Most of this will go completely unnoticed by the regular user, although internet speed will drop drastically because of the proxies the traffic now passes through. Meanwhile, the attacker who sent the malware gets complete visibility into all of the victim’s online activity. What the attackers do with that information is unknown for now, but it is still unsettling to know that you are being watched the whole time.

Even that is not the full extent of Dok’s activities. After all of the above is done, it installs a root certificate, which is then used to perform man-in-the-middle attacks. This allows sensitive data to be stolen, such as social media account details, banking logins and the like. The attackers can even use it to open new pages in the victim’s browser, which doesn’t sound that dangerous until you remember that those pages might be phishing pages.
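The two host-level traces the article describes, a login item named AppStore and a root certificate added to the System keychain, are what a responder would check first. The following triage script is an added example, not code from the article or from any vendor. It assumes the inputs were gathered on the Mac with `osascript -e 'tell application "System Events" to get the name of every login item'` and `security find-certificate -a /Library/Keychains/System.keychain`; here both outputs are replaced by constructed sample text so the script runs offline, and the allowlist of expected certificate labels is a placeholder for your own baseline.

```python
"""Triage for the Dok traces described above: a persistence login item
named "AppStore" and an unexpected root certificate in the System keychain.
Added example; inputs below are constructed, not captured from a real host."""
import re

# Constructed: what the osascript login-item query returns, comma-separated.
SAMPLE_LOGIN_ITEMS = "iTunesHelper, AppStore, Dropbox"

# Constructed: abbreviated `security find-certificate -a` output with two
# certificates, the second of which is not on the expected list.
SAMPLE_KEYCHAIN_DUMP = """\
keychain: "/Library/Keychains/System.keychain"
version: 256
class: 0x80001000
attributes:
    "alis"<blob>="Corp Internal Root CA"
    "labl"<blob>="Corp Internal Root CA"
keychain: "/Library/Keychains/System.keychain"
version: 256
class: 0x80001000
attributes:
    "alis"<blob>="Example Intercept CA"
    "labl"<blob>="Example Intercept CA"
"""

# Assumption: labels your organisation knowingly installed in the System keychain.
EXPECTED_SYSTEM_CERT_LABELS = {"Corp Internal Root CA"}

# Login item name the article reports Dok creates for persistence.
SUSPICIOUS_LOGIN_ITEMS = {"AppStore"}


def suspicious_login_items(osascript_output: str) -> list[str]:
    """Return login item names matching the persistence name reported for Dok."""
    names = [n.strip() for n in osascript_output.split(",") if n.strip()]
    return [n for n in names if n in SUSPICIOUS_LOGIN_ITEMS]


def unexpected_system_certs(dump: str, expected: set[str]) -> list[str]:
    """Return the "labl" value of every certificate in the dump not on the allowlist."""
    labels = re.findall(r'"labl"<blob>="([^"]*)"', dump)
    return [label for label in labels if label not in expected]


def triage(login_items: str, keychain_dump: str) -> dict[str, list[str]]:
    """Run both checks and return what was flagged, keyed by check."""
    return {
        "login_items": suspicious_login_items(login_items),
        "certificates": unexpected_system_certs(keychain_dump, EXPECTED_SYSTEM_CERT_LABELS),
    }


if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOGIN_ITEMS, SAMPLE_KEYCHAIN_DUMP).items():
        print(f"{check}: {hits or 'nothing flagged'}")
```

A flagged certificate still needs to be confirmed as the interception certificate before removal, since any label absent from the baseline is reported.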

Fortunately, this threat was taken seriously rather quickly, and many antivirus programs have already been updated and can now deal with Dok. That doesn’t mean Mac users can relax, since the malware can still be downloaded by accident. Users should be extra careful when opening attachments from unknown senders, especially ones that claim to be connected to tax returns.