
New OSX.Dok malware intercepts web traffic

  • April 28, 2017
  • 15 replies
  • 3 views

Jasper_The_Rasper
Moderator
April 28, 2017 by Thomas Reed

Most Mac malware tends to be unsophisticated. Although it has some rather unpolished and awkward aspects, a new piece of Mac malware, dubbed OSX.Dok, breaks out of that typical mold.

OSX.Dok, which was discovered by Check Point, uses sophisticated means to monitor—and potentially alter—all HTTP and HTTPS traffic to and from the infected Mac. This means that the malware is capable, for example, of capturing account credentials for any website users log into, which offers many opportunities for theft of cash and data.

Further, OSX.Dok could modify the data being sent and received for the purpose of redirecting users to malicious websites in place of legitimate ones.
 
Full Article


Ssherjj
Moderator
  • Moderator
  • April 28, 2017
Well, thank you for that new article.

It says this can be handled with Malwarebytes and Webroot together. So I am wondering if Webroot can nail this OSX.Dok? @ can you find out or not?

  • Retired Webrooter
  • April 28, 2017
I would assume so, but to be sure I'll want @ to confirm. Since it's the end of the day, we'll come back to this first thing Monday.
 
Happy weekend everyone! :catlol:

Ssherjj
Moderator
  • Moderator
  • April 28, 2017
Thank you JP!! Have a great weekend yourself!

ProTruckDriver
Moderator
Sounds like some bad malware. Let's hope the Big W picks it up.;)

DanP
  • OpenText Employee
  • May 1, 2017
I've passed this on to our Mac team.
 
-Dan

Ssherjj
Moderator
  • Moderator
  • May 1, 2017
Thank you @ ...greatly appreciated! 🙂

Jasper_The_Rasper
Moderator
I did see an article on Twitter last night about Apple bringing out a silent update for it but I have not seen anything else about it yet but if/when I do I will post it.

Ssherjj
Moderator
  • Moderator
  • May 1, 2017
Great! Thanks Jasper! I must have missed it on Twitter.
 
Edited: @ I found the article on Twitter. 😉

ProTruckDriver
Moderator
Thank you @ :D
 
@ wrote:
I did see an article on Twitter last night about Apple bringing out a silent update for it but I have not seen anything else about it yet but if/when I do I will post it.
Thank you @ Silent Update, eh. :D
 
My Big Mac Protected With The Big W.  


Jasper_The_Rasper
Moderator
Sorry for the bad news folks but here is another one!

May 1, 2017 by Thomas Reed

On Friday a sophisticated Mac Trojan was discovered, called OSX.Dok, which installs malware designed to intercept all HTTP and HTTPS traffic. This morning, Adam Thomas, a Malwarebytes researcher, found a variant of the OSX.Dok dropper that behaves altogether differently and installs a completely different payload.

Distribution method

This variant has the same form as the dropper for OSX.Dok – a zipped app named Dokument.app, masquerading as a document. It is signed with the same (now revoked) certificate as the previous OSX.Dok dropper and it was first uploaded to VirusTotal around the same time.
 
Full Article

ProTruckDriver
Moderator
@ Looks like another one to pass on to the Mac Team. :@

DanP
  • OpenText Employee
  • May 2, 2017
@ wrote:
@ Looks like another one to pass on to the Mac Team. :@
I've passed it along in case this particular variant is not caught by what was added yesterday...
 
-Dan

ProTruckDriver
Moderator
Thank you Dan. ;)

Jasper_The_Rasper
Moderator
Thank you Dan.

  • Retired Webrooter
  • May 3, 2017