In recent years, the amount of malware for macOS has increased. Recently, malware called OSX Dok was found in the Apple ecosystem; it bypasses Gatekeeper's protection and retrieves its victims' passwords. New versions of the malware have learned to impersonate banking sites in order to intercept users' data and gain access to their bank accounts.
OSX Dok uses phishing and a man-in-the-middle attack to penetrate computers. First, the program fraudulently obtains access to users' personal data, and then reaches the bank account. The fake bank websites push users to install an application on their mobile device, which can lead to additional leakage of personal data.
According to analysts, OSX Dok is distributed through spam emails disguised as messages from the IRS. These emails contain a zipped file, inside of which hides the application Truesteer.AppStore. When the user tries to launch it, they see only an error, whereas in fact the Trojan copies itself to another location on the hard drive and deletes the original. Because the malware uses a certificate signed by Apple, Gatekeeper doesn't notice anything suspicious.
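A triage check for the delivery method described above, as an added example that is not part of the original article: it flags zip attachments that carry a macOS application bundle, recognising the bundle by its standard layout (`Contents/Info.plist` plus a file under `Contents/MacOS/`) rather than by a `.app` suffix. The function names, the executable name and the bundle identifier in the sample are constructed for illustration.

```python
import io
import plistlib
import zipfile


def find_app_bundles(zip_bytes):
    """Return one dict per macOS bundle-shaped directory found inside a zip.

    A bundle is recognised by its layout (<root>/Contents/Info.plist plus at
    least one file under <root>/Contents/MacOS/), not by its file extension.
    """
    found = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        for name in names:
            if not name.endswith("/Contents/Info.plist"):
                continue
            root = name[: -len("/Contents/Info.plist")]
            macos_dir = root + "/Contents/MacOS/"
            executables = sorted(n[len(macos_dir):] for n in names
                                 if n.startswith(macos_dir))
            if not executables:
                continue  # Info.plist alone is not a launchable bundle
            try:
                info = plistlib.loads(zf.read(name))
            except Exception:
                info = {}  # malformed plist: still report the bundle
            if not isinstance(info, dict):
                info = {}
            found.append({
                "bundle": root,
                "executables": executables,
                "declared_executable": info.get("CFBundleExecutable"),
                "identifier": info.get("CFBundleIdentifier"),
            })
    return found


def build_sample_zip():
    """Constructed, harmless sample shaped like the attachment described."""
    plist = plistlib.dumps({"CFBundleExecutable": "Truesteer",  # constructed
                            "CFBundleIdentifier": "com.example.constructed"})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Truesteer.AppStore/Contents/Info.plist", plist)
        zf.writestr("Truesteer.AppStore/Contents/MacOS/Truesteer", b"placeholder")
        zf.writestr("readme.txt", b"constructed sample, no executable code")
    return buf.getvalue()
```

A hit means only that the archive contains an application; whether it should reach the user's inbox is a policy decision for the mail gateway or the analyst.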
Once running, the malware impersonates the bank's website. The screen displays a message prompting the user to install additional software, which is supposed to provide secure login and account management. In fact, the Trojan collects saved passwords, which criminals then use to extort money.
Apple constantly revokes the certificates OSX Dok uses to penetrate computers, but not very successfully. The creators of the Trojan continue to obtain new certificates every day.
The attack is based on phishing, so Mac owners should take special caution when receiving suspicious data. It is also recommended to disable the option to automatically download message attachments to disk in the mail program.