Dok

There is a persistent and inaccurate belief among users that running macOS (OS X) makes you almost immune to malware. That false sense of security has cost many people dearly. Dok, first reported in April 2017, is a good example of why: it is a threat built specifically to infiltrate macOS machines. Once it is installed, the network traffic leaving the compromised system is routed through a remote server operated by the attackers, which lets them run a man-in-the-middle (MITM) attack or simply sniff the traffic for sensitive data. Because Dok also installs its own root certificate on the victim's machine, the interception is not limited to unencrypted connections; HTTPS sessions can be decrypted at the attackers' proxy without the browser showing a warning.

The creators of Dok mainly target European countries, and their campaigns are localised to the victim's language. Among the most notable is the one aimed at Germany. To trick users into giving them access to their Mac, the attackers send an email claiming there is a problem with the recipient's tax return and asking them to download and review the attached document, 'Dokument.zip'. This is a classic social engineering tactic: put the victim under pressure so that they do something they normally would not, such as opening an attachment in an unexpected email. If the user opens the attachment, they launch the malware bundle it contains, 'Truesteer.AppStore'. The bundle was signed with a valid Apple developer certificate, so Gatekeeper did not block it. The victim then sees an error message saying that 'Dokument.zip' cannot be opened, while behind the scenes Dok carries on: the bundle hides its traces by moving all of its files from their original folder into the '/Users/Shared' directory.

Dok's next step is to harvest your credentials. It presents a pop-up window claiming that OS X updates are pending and that the computer cannot be used until they are installed. The window cannot be closed and always stays on top of everything else you have open. The only way out that Dok leaves you is to enter your administrator password to supposedly start the fake update. Once you do, the attackers have your password and full control of your account.

Once the creators of Dok have administrator rights on your Mac, they use them to make the compromised account even more powerful. To keep you in the dark about what is happening on your computer, Dok disables the password prompts: when the attackers change important system settings, you will not see a dialog asking for your password to authorise the change. On macOS that means the sudoers configuration has been altered so that the account can run privileged commands without a password. The attackers then download and install additional tools on the machine, notably TOR, brew and SOCAT, which are used to relay the victim's traffic to their proxy.
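The two paragraphs above (files moved into '/Users/Shared', password prompts disabled, TOR/brew/SOCAT installed) describe host-side artefacts an incident responder can look for. The script below is an added example written for this page; it is not code from the original post nor from any published analysis of Dok. Each check takes a path or string as a parameter so that it runs offline on constructed sample data; on a real Mac you would pass '/Users/Shared', '/etc/sudoers' (and the files under '/etc/sudoers.d'), brew's prefix ('/usr/local' at the time), and the auto-proxy URL printed by `networksetup -getautoproxyurl "Wi-Fi"`. The sample directory, the 'Example.app' bundle, the user name 'alice', the port 8080 and the assumption that the reroute shows up as a proxy auto-config (PAC) URL pointing at the loopback interface are all constructed for the example.

```shell
#!/bin/sh
# Dok triage helper (added example, not the original post's or Check Point's
# code). All file names, users and URLs below are constructed sample data.

# 1. Application bundles or executables sitting directly under a shared dir.
#    Prints them and returns 0 if any exist, 1 if the directory is clean.
find_shared_payloads() {
    hits=$(find "$1" -mindepth 1 -maxdepth 1 \
        \( -name '*.app' -o \( -type f -perm -100 \) \) 2>/dev/null || true)
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# 2. sudoers rules that grant password-less sudo. Comment lines are skipped so
#    the commented-out examples shipped in the stock file do not trigger.
find_nopasswd_rules() {
    hits=$(grep -v '^[[:space:]]*#' "$1" 2>/dev/null | grep 'NOPASSWD' || true)
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# 3. Tools the article says Dok installs. brew alone is normal on a developer
#    Mac; tor plus socat on a non-technical user's machine is not.
find_dropped_tools() {
    found=""
    for tool in tor socat brew; do
        [ -x "$1/bin/$tool" ] && found="$found $tool"
    done
    [ -n "$found" ] || return 1
    printf '%s\n' "${found# }"
}

# 4. ASSUMPTION for this example: the reroute appears as an auto-proxy (PAC)
#    URL on the loopback interface, i.e. a local relay in front of the real
#    proxy, which is what tor/socat would provide.
pac_points_to_loopback() {
    case "$1" in
        http://127.*|http://localhost*|http://0.0.0.0*|http://\[::1\]*) return 0 ;;
    esac
    return 1
}

# Runs all four checks; returns 0 if at least one indicator fired.
run_triage() {
    rc=1
    find_shared_payloads "$1" && rc=0
    find_nopasswd_rules "$2" && rc=0
    find_dropped_tools "$3" && rc=0
    pac_points_to_loopback "$4" && { echo "auto-proxy URL $4 uses loopback"; rc=0; }
    return $rc
}

# --- constructed sample data so the checks can be exercised offline ---------
SAMPLE=$(mktemp -d)
mkdir -p "$SAMPLE/Shared/Example.app/Contents/MacOS" "$SAMPLE/clean" "$SAMPLE/prefix/bin"
printf '#!/bin/sh\n' > "$SAMPLE/Shared/dropper.sh"
chmod 755 "$SAMPLE/Shared/dropper.sh"
printf '# %%admin ALL=(ALL) NOPASSWD: ALL\nroot ALL=(ALL) ALL\n' > "$SAMPLE/sudoers.clean"
printf 'root ALL=(ALL) ALL\nalice ALL=(ALL) NOPASSWD: ALL\n' > "$SAMPLE/sudoers.infected"
for t in tor socat; do : > "$SAMPLE/prefix/bin/$t"; chmod 755 "$SAMPLE/prefix/bin/$t"; done

# Exercise the checks against the "infected" sample; real use swaps in the
# live paths named in the lead-in.
run_triage "$SAMPLE/Shared" "$SAMPLE/sudoers.infected" "$SAMPLE/prefix" \
    "http://127.0.0.1:8080/proxy.pac"
```

None of these indicators is conclusive on its own: developers legitimately have brew, and a corporate PAC file is normal. What matters is the combination on a machine whose user does not expect any of them, together with a root certificate in the System keychain that the user did not install.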

It is not only Dok's capabilities that make it a nasty threat but also its stealth. Once the fake update window is gone, there is nothing on screen to suggest that the system has been compromised and that its network traffic is being monitored and possibly collected. This is why users need to stay vigilant and get better at spotting red flags: unexpected attachments, urgent demands, and update prompts that arrive outside the normal software update mechanism and ask for a password. It is also important to run a reputable anti-malware product that is kept up to date, as it is the most practical defence against pests like Dok.
