“Security researchers at Check Point found something they’ve labelled OSX/Dok, which manages to go undetected by Gatekeeper and stops users doing anything on their Mac until they accept a fake OS X update,” Lovejoy reports. “OSX/Dok does rely on a phishing attack as its initial way in. Victims are sent an email claiming to be from a tax office regarding their income tax return, asking them to open an attached zip file for details.”
“But after that, the approach taken by the malware is extremely clever,” Lovejoy reports. “It installs itself as a Login Item called AppStore, which means it automatically runs each time the machine is booted. It then waits for a while before presenting a fake macOS update window.”
Read more in the full article here.
MacDailyNews Take: Never open an unexpected zip file, even if it’s from someone you know.
Check Point’s Ofer Caspi writes, “The malware mostly targets European users… All is left to say: beware of Trojans bearing gifts, especially if they ask for your root password.” More details via Check Point here.