macOS – OSX Dok Malware

Check Point research recently found a new malware affecting all versions of macOS 10 operating systems. This malware named OSX Dok is propogated via email phishing. If your MAC becomes infected by this malware, then an attacker can take over complete control of communications.

This includes Secure Sockets Layer traffic. Your traffic is redirected to a proxy server. This malware is located in a file. Once executed this malware copies itself to your /Users/Shared folder.

Some shell commands are then executed. A false positive error message pops up claiming:

“The file Document could not be opened. It may be damaged or use a file format that Preview doesn’t recognize”

If AppStore exists than this malware will delete a current version and create a new one. This bogus AppStore process will startup up each time at boot. This malware will force you to enter your password to install further software.

Eventually, this malware will obtain root privileges and transfer your communications data via TOR and SOCAT proxy tools. This can allow an attacker to perform a man in the middle attack. They can impersonate you on the Internet.

This malware is deleted upon completion.