Horrible New Mac ‘Update’ Malware Can Steal Your Passwords and Financial Info While Avoiding Detection

Apple-targeted OSX/Dok malware lets hackers spy on everything you do.

BY Minda Zetlin - 30 Apr 2017

We all know that Apple computers, once considered invulnerable to viruses and other malware, are no longer as secure as they were once believed to be. In fact, according to a McAfee report earlier this month, malware targeting Macs grew by more than 700 percent during 2016.

It gets worse. Now there's a really evil new piece of malware out there, specifically targeting Macintosh computers. According to security company Check Point, this very nasty virus arrives in a .zip file (the ones found were named "Dokument.zip") that may come with an email asking the user to provide extra information about his or her tax return. Here's how Check Point describes it: "This new malware--dubbed OSX/Dok--affects all versions of OSX, has 0 detections on VirusTotal (as of the writing of these words), is signed with a valid developer certificate (authenticated by Apple), and is the first major scale malware to target OSX users via a coordinated email phishing campaign." An Apple representative says that the developer certificate has now been revoked, which may block downloads, at least until a different certificate is used.

What happens to those who unwittingly open the .zip file? You may not want to know. The first result is a message telling you that the file was either damaged or incompatible with your software and could not be opened. That will seem like the end of it for a while, but the malware is busy working behind the scenes, installing part of itself every time you boot up. When the installation is complete, it pops up with a scary message bearing the App Store logo. It reads:

OSX Updates Available

A security issue has been identified in a OSX software product that could affect your system. You can help protect your system by installing this update from App Store. After you install this update, you may have to reopen your browser.

It then instructs users to click the "Update All" button below the message and then enter their Apple passwords when the admin dialog box appears. If you try to close the message, ignore it, or do anything else with your computer, you will be blocked by this pop-up. On the other hand, if you do put in your password, all will be well--apparently. You'll be able to go on using your computer and the internet as before.

However, behind the scenes, the malware will use its new administrative powers to install software that re-routes your internet traffic through a third-party site--a "Man-in-the-Middle" attack. It will seem to you that you're browsing as before, only now, everything you do, and every password and bit of information you enter or see on the web can also be seen by hackers without your knowledge. Once this is accomplished, OSX/Dok will delete itself from your computer, making it even harder to detect that you've been hacked.
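A defender's check to go with that paragraph, added here and not taken from the article or from Check Point: one common way to re-route a Mac's browser traffic through a third-party site is a system-level proxy or automatic proxy (PAC) setting, so this script reads those settings through macOS's networksetup tool and flags any that are enabled. That the malware uses this mechanism is an assumption; the article does not say how Dok does the re-routing, and the sample output below is constructed.

```python
import subprocess

# Constructed sample output in the "Key: value" format that
# `networksetup -getautoproxyurl <service>` and `-getwebproxy <service>`
# print on macOS; not captured from a real infected machine.
SAMPLE_AUTOPROXY = "URL: http://127.0.0.1:5555/example.pac\nEnabled: Yes\n"
SAMPLE_WEBPROXY = "Enabled: No\nServer: \nPort: 0\nAuthenticated Proxy Enabled: 0\n"


def parse_networksetup(output: str) -> dict:
    """Turn networksetup's 'Key: value' lines into a dict (first colon splits)."""
    settings = {}
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def proxy_findings(autoproxy: str, webproxy: str, secureproxy: str) -> list:
    """Describe every setting that would send browser traffic through a proxy."""
    findings = []
    auto = parse_networksetup(autoproxy)
    if auto.get("Enabled") == "Yes":
        findings.append(f"automatic proxy configuration (PAC) enabled: {auto.get('URL')}")
    for label, raw in (("HTTP", webproxy), ("HTTPS", secureproxy)):
        proxy = parse_networksetup(raw)
        if proxy.get("Enabled") == "Yes":
            findings.append(f"{label} proxy enabled: {proxy.get('Server')}:{proxy.get('Port')}")
    return findings


def audit_service(service: str) -> list:
    """Query the live settings of one network service; runs only on macOS."""
    def query(flag: str) -> str:
        return subprocess.run(["networksetup", flag, service],
                              capture_output=True, text=True, check=True).stdout
    return proxy_findings(query("-getautoproxyurl"),
                          query("-getwebproxy"), query("-getsecurewebproxy"))


if __name__ == "__main__":
    try:
        listing = subprocess.run(["networksetup", "-listallnetworkservices"],
                                 capture_output=True, text=True, check=True).stdout
    except FileNotFoundError:
        raise SystemExit("networksetup not found: this audit only runs on macOS")
    # The first line of the listing is a legend; disabled services carry a leading '*'.
    for service in listing.splitlines()[1:]:
        for finding in audit_service(service.lstrip("*")):
            print(f"{service}: {finding}")
    print("audit complete; any line above deserves a closer look")
```

A finding is not proof of compromise: a proxy or PAC set by an employer's IT department shows up the same way, so compare what is reported against what you expect to be there.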

How can you protect yourself from this awful intrusion? And what should you do about it if it's already happened? Neither Check Point nor Apple has provided any sort of answer as to what to do if you've already gotten the OSX/Dok bug. (I've asked Apple to comment and I'll update this post if they do.)

As to how to avoid it: Don't open .zip files, or any other files that are executable or seem unfamiliar--unless you know the people who sent them to you and you've gotten confirmation--separate from the email with the file--that they really did send them and why.

And hope that Apple or one of the security providers finds a solution to this--soon.