macOS Malware 'Dok' Intercepts Web Traffic With Administrator Privileges: Check Point

Share on Facebook Tweet Snapchat Share Reddit Comment
macOS Malware 'Dok' Intercepts Web Traffic With Administrator Privileges: Check Point
  • New malware comes signed with valid developer certificate
  • The malware was found to have 0 detections on VirusTotal
  • Malware reported to be targeting European users

If you are a macOS user and think that one of the major advantages of using this operating system is that you are immune to malware, this news is meant just for you. While macOS has had its time in the sun for long, a new malware that goes by the name of 'Dok' has been reported to specifically target the Apple operating system and potentially allows interception of communications traffic network and provides administrator privileges of the infected system.

Wondering how it is different from other malware that are floating around on the Internet? It is because OSX/Dok, as it is also known, was found to have 0 detections on VirusTotal scanner and comes signed with a valid developer certificate (authenticated by Apple), as per a report by software security firm Check Point. Dok has been reported to be the first major scale malware to target OS X users via a "coordinated email phishing attack" and affects all versions of the OS that have been released till now, as per the report.

The new Trojan has been reportedly targeting European users as of now and much like other attachment-based phishing attacks, requires users to open an infected ZIP file attachment that upon execution shows the user a "package is damaged" error message, but succeeds in copying itself onto the victim's system, and then throws up a fake update page as a persistent pop-up that phishes the user's credentials and provides administrator privileges. By proceeding to install a new root certificate on the victim's system, Dok gains access to the user's communication network with a Man-in-the-Middle (MITM) attack that allows an attacker to impersonate any website, including the ability to read secure HTTPS traffic. Notably, following the lead from some of the recent malware, Dok is able to delete its traces once its work is done as well.

In case you have already been targeted, you can simply follow the steps listed on iMore to clean up your system, as pointed out in a report by Engadget.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

A Spoiler-Free Guide to the Gods of American Gods



© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on