Dok Malware for Macs Slips by Security Software

A new piece of malware has been making the rounds that is aimed squarely at taking control of all versions of Mac OS X. It is called OSX/Dok, and getting infected takes a fair amount of trust to begin with, because the initial infection comes from opening a zip file attached to an email from an unknown party.

I think most computer users would understand that clicking on attachments sent in emails from people you don't know is just asking for an infection. Right now Dok isn't detected on VirusTotal, so any security software you run on your Mac to locate the source of an infection won't see Dok. Adding to its slipperiness, Dok is also signed with a developer certificate that is signed and authenticated by Apple.

That means the Mac will allow the software to install and Gatekeeper won't try to stop it. Once installed, the malware has full access to your system and your communications, even those sent over encrypted SSL. It monitors communications by redirecting traffic through a malicious proxy server. Once it has grabbed the juiciest of your communications, it deletes itself from the infected system.
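A defender-side check that corresponds to the proxy redirection described above, added here as an example and not part of the original article: the script audits every macOS network service for an enabled web, secure web or auto-proxy (PAC) setting using Apple's networksetup utility, and the snippet of networksetup output embedded in it is constructed for the example.

```shell
# Audit macOS network services for an active HTTP, HTTPS or auto-proxy (PAC)
# setting, the configuration a traffic-redirecting proxy has to alter. Added
# example for this article, not the author's code; assumes macOS networksetup(8).

# field NAME TEXT: print the value of the "NAME: value" line in TEXT.
field() { printf '%s\n' "$2" | sed -n "s/^$1: //p"; }

# proxy_status TEXT: parse `networksetup -getwebproxy` / `-getsecurewebproxy`
# output. Prints "ENABLED host:port" and returns 0 if the proxy is on, else 1.
proxy_status() {
  [ "$(field Enabled "$1")" = "Yes" ] || return 1
  printf 'ENABLED %s:%s\n' "$(field Server "$1")" "$(field Port "$1")"
}

# pac_status TEXT: parse `networksetup -getautoproxyurl` output.
# Prints "ENABLED url" and returns 0 if a PAC URL is active, else 1.
pac_status() {
  [ "$(field Enabled "$1")" = "Yes" ] || return 1
  printf 'ENABLED %s\n' "$(field URL "$1")"
}

# audit_proxies: report every enabled proxy on every network service.
# Returns 0 when nothing is enabled, 1 when at least one proxy is found.
audit_proxies() {
  # The first line of -listallnetworkservices is a legend, and disabled
  # services carry a leading '*' that must be stripped before querying.
  report=$(networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
    while IFS= read -r svc; do
      for kind in webproxy securewebproxy; do
        out=$(proxy_status "$(networksetup "-get$kind" "$svc")") &&
          printf '%s %s: %s\n' "$svc" "$kind" "$out"
      done
      out=$(pac_status "$(networksetup -getautoproxyurl "$svc")") &&
        printf '%s autoproxyurl: %s\n' "$svc" "$out"
    done)
  [ -n "$report" ] || return 0
  printf '%s\n' "$report"
  return 1
}
# Constructed sample of `networksetup -getwebproxy` output (a proxy on
# loopback) so the parser can be exercised where networksetup is absent.
SAMPLE_ON='Enabled: Yes
Server: 127.0.0.1
Port: 5555
Authenticated Proxy Enabled: 0'
if command -v networksetup >/dev/null 2>&1; then
  audit_proxies && echo "no proxy configured on any network service"
else
  proxy_status "$SAMPLE_ON"   # prints: ENABLED 127.0.0.1:5555
fi
```

On a Mac, a non-zero exit from audit_proxies with a report naming a proxy you did not configure is the cue to investigate that network service.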

Odds are that, with Dok now unmasked, changes will be made quickly to allow Macs to detect and block the malware from installing. PCMag has links to removal instructions and detailed screenshots that outline how to identify the malware if you are unsure whether it is on your system.