A recently discovered macOS malware called OSX Dok, which alters the operating system to subvert its built-in security measures, has now started mirroring banking websites, according to researchers, in an attempt to steal sensitive information from infected machines.
The malware, which uses ‘phishing’ and ‘man in the middle’ attacks to sneak onto an unsuspecting user’s computer, was discovered back in May by ESET. Initially, it only tricked people into allowing access to their keychain, but it has since morphed and is now targeting their bank accounts. As Check Point explains:
“They are aiming at the victim’s banking credentials by mimicking major bank sites. The fake sites prompt the victim to install an application on their mobile devices, which could potentially lead to further infection and data leakage from the mobile platform as well.”
Apple has continued to revoke the certificates that the malware used to gain access to the underlying system, but this seems to have had little to no effect so far. Researchers noted that the group behind the malicious program has continued to obtain new certificates, describing a ‘surge in activity’ with new compromised certificates being purchased daily.
Phishing, as it is generally known, tends to mimic a trusted source, such as a password reset email sent by Apple or your bank. These messages redirect victims to compromised websites where they are asked to enter their details, which are then used to gain access to their data or accounts.
Companies like Google, Microsoft and Apple have continued the fight against these attacks, with Brad Smith from Microsoft calling for a ‘Digital Geneva Convention’, but it is ultimately up to the user to make sure that they only click on links from trusted sources. Many financial institutions update their respective websites with warnings about new threats, and it is generally recommended to keep yourself up to date with what is happening, especially with the recent increase in cyber-attacks. You can also read up on these telltale signs of spotting a suspicious email.