New Macintosh Malware Hijacks All Internet Traffic

Macintosh users are quickly becoming a new target for cyber criminals these days. A new type of Mac malware has been discovered, which is capable of intercepting encrypted web traffic. Moreover, this malware uses Tor to hide traffic diverted to a remote proxy. It is a very problematic threat that needs to be thwarted as soon as possible.

Dok Malware Targets Macintosh Users

Up until a year or two ago, one would hardly ever put the words “Macintosh” and “malware” in the same sentence. Things have changed a lot over the past few months, that much is evident. Dok is the latest type of malware discovered by security researchers, and it seems to be packing quite the punch under the hood. Dok, as this malware is known, uses nag screens to gain administrator privileges on the Macintosh machine targeted by the criminals.

To be more specific, the Dok malware is mainly targeting European Macintosh users for some unknown reason. As one would come to expect, the malware is distributed through spam emails, all of which are related to inconsistencies with tax returns. It is not surprising to find out a lot of people open these email attachments to take a closer look at what is going on. All of the emails are seemingly written in the German language, which is quite interesting.

Once the Dok malware package is downloaded onto the computer, users will be greeted with a fake OS X update screen. Once a user clicks the button to update all software, the malware will be installed and gain administrative privileges. Moreover, it will start to hijack encrypted web traffic and even use Tor to reroute traffic through malicious proxies. Moreover, the Macintosh device in question will receive a new loginItem called AppStore, which allows the Dok installation procedure to carry on even if a user reboots the computer in the meantime.

Having all of your internet traffic routed through a remote proxy is not a pleasant experience by any means. Although this process is invisible to the user, it also means the criminals are given access to everything their victims do on the Internet. Although it remains unclear how all of this information is used later on, having someone monitor your everyday activity is very unsettling, to say the least.

Unfortunately, it appears the most nefarious act by this malware is conducted at a later stage. Security researchers have discovered Dok will also install a new root certificate and the Macintosh device in question. This particular certificate is then used to perform man-in-the-middle attacks. This can lead to having sensitive information stolen, such as banking logins, social media account details, and who knows what else.

Moreover, the Dok malware also means the criminals can inject their own web pages in the victim’s browser. Phishing pages, for example, can easily be displayed on the user’s computer, regardless of them typing in the correct address or not. This means anyone who owns a Macintosh can become vulnerable to having a man-in-the-middle attack performed against them.

Luckily, there is a small silver lining for Macintosh users as well. Even though Dok was initially not detected by antivirus solutions, it looks like all major companies have updated their virus definitions over the past week. This does not mean Macintosh users are completely safe from harm either, as the malware can still be downloaded onto a computer without being aware of it. Beware of any email attachments related to the returns, as they are usually not legitimate.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.