The OSX/Mokes malware is among the more harmful threats targeting Mac computers. It has a very wide reach, as this malware is compatible not only with Windows but also Linux and OSX. This threat serves as a backdoor Trojan, which allows its operators to compromise a system, exploit it, monitor the user, and collect sensitive data that is then transferred to their C&C (Command & Control) servers. Most malware researchers have concentrated on reporting on the Windows variant of OSX/Mokes, but this does not mean that the other versions of the threat should be ignored, as they are just as threatening.
Propagation Methods and Capabilities
Cybersecurity experts have not been able to determine the exact propagation method used to spread the OSX/Mokes malware. It is speculated that the authors of the OSX/Mokes threat may be utilizing one of the most common practices for propagating Mac malware: fake applications. Once the OSX/Mokes malware has compromised a targeted host, it is able to:
- Collect keystrokes.
- Take screencaps of the desktop and active windows.
- Record audio using the user’s microphone.
- Record video using the user’s webcam.
- Collect documents from the user’s desktop.
- Execute remote commands on the system.
This list of capabilities allows the attackers to collect a lot of sensitive information about the user, but the ability to execute remote commands may be the most threatening feature, as it means that the operators of the Trojan are able to plant additional malware on the compromised host. This threat operates rather silently, and you may not notice that there is something wrong with your system until it is too late. If you want to check your Mac manually for the presence of the OSX/Mokes Trojan, a good place to start is ‘SpotlightHelper,’ ‘DropboxCache,’ ‘SkypeHelper,’ ‘Chrome/nacld,’ ‘App Store,’ or ‘com.apple.dock.cache,’ as this is where the threat tends to store its files. If you want to automate this process, you may want to trust a reputable anti-malware application to scan your system and determine whether you have been infected by the OSX/Mokes threat.
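The manual check described above can be scripted. This is an added example, not part of the original article: a shell function that searches a directory tree for the file and folder names the article lists. The default search root `$HOME/Library` and the function names are assumptions, since the article gives only the names; these names imitate legitimate software, so a match is a lead to review rather than a verdict.

```shell
#!/bin/sh
# Added example: search for the file and folder names listed in the article.
# Assumption: the default search root "$HOME/Library" is NOT from the article.

# Names exactly as the article gives them, one per line.
MOKES_NAMES='SpotlightHelper
DropboxCache
SkypeHelper
Chrome/nacld
App Store
com.apple.dock.cache'

# mokes_scan [ROOT]: print every path under ROOT that ends in a listed name.
# find -path matches against the whole path, so the two-component entry
# "Chrome/nacld" and the name containing a space both work unchanged.
mokes_scan() {
    root=${1:-"$HOME/Library"}
    printf '%s\n' "$MOKES_NAMES" | while IFS= read -r name; do
        find "$root" -path "*/$name" -print 2>/dev/null
    done
}

# mokes_report [ROOT]: list each hit with its type, owner, size and
# modification time so it can be compared against software you installed.
mokes_report() {
    hits=$(mokes_scan "$1")
    if [ -z "$hits" ]; then
        echo "No listed names found under ${1:-$HOME/Library}"
        return 0
    fi
    printf '%s\n' "$hits" | while IFS= read -r hit; do
        ls -ld "$hit"
    done
}

# Run only when a directory is passed on the command line.
if [ "$#" -gt 0 ]; then
    mokes_report "$1"
fi
```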