“We learned recently that macOS malware grew by 744% last year, though most of it fell into the less-worrying category of adware,” ben Lovejoy reports for 9to5Mac. “However, a newly-discovered piece of malware (via Reddit) falls into the ‘seriously nasty’ category – able to spy on all your Internet usage, including use of secure websites.”
“Security researchers at CheckPoint found something they’ve labelled OSX/Dok, which manages to go undetected by Gatekeeper and stops users doing anything on their Mac until they accept a fake OS X update,” Lovejoy reports. “OSX/Dok does rely on a phishing attack as its initial way in. Victims are sent an email claiming to be from a tax office regarding their income tax return, asking them to open an attached zip file for details.”
“But after that, the approach taken by the malware is extremely clever,” Lovejoy reports. “t installs itself as a Login Item called AppStore, which means it automatically runs each time the machine is booted. It then waits for a while before presenting a fake macOS update window.”
Read more in the full article here.
MacDailyNews Take: Never open an unexpected zip file, even if it’s from someone you know.
Checkpoint’s Ofer Caspi writes, “The malware mostly targets European users… All is left to say: beware of Trojans bearing gifts, especially if they ask for your root password.” More details via Checkpoint here.