May 16, 2024 | Updated: 11:35 AM EDT
Apr 30, 2017 07:14 PM EDT
Tech enthusiasts recently learned that MacOS malware grew by 744 percent last year, though most of it fell into the less worrying category of adware. A newly discovered piece of malware falls into the seriously nasty category; able to spy all users internet usage, including the use of secure websites.
According to PC World, security researchers found something they have labeled OSX/Dok that manages to go undetected by Gatekeeper and stops users doing anything on their Mac until they accept a fake OS X update.
For the fact, OSX/Dok does rely on a phishing attack as its initial way in. Victims are sent via email claiming to be from a tax office regarding their income tax return, asking users to open an attached zip file for details. This approach taken by the malware is extremely clever, in which it installs itself as a Login Item called AppStore. By this, it automatically runs each time the machine is booted and then waits for a while before presenting a fake MacOS update window.
According to Checkpoint Blog, as soon as the malware has been launch, victims are barred from accessing any windows or using their device in any way until they relent, enter the password and allow the malware to finish installing. With this, the malware acquires admin privileges on the victim's device. This malware then changes the victim's system's network settings such that all outgoing connections will pass through a proxy that's dynamically obtained from a Proxy Auto-Configuration (PAC) file sitting on a malicious server.
As a result of this, victims who are attempting to surf the web, as the user's web browser will first ask the attacker web page on TOP for proxy settings. The user traffic is then redirected through a proxy controlled by the attacker, which carries out a Man-In-The-Middle attack and impersonates the various sites the user attempts to surf. Then, the attacker is free to read the victim's traffic and tamper with it in any way they want.
