Warning over new ‘undetectable’ Mac malware that can bypass Apple security


Users are being warned about a new first of its kind malware targeting Mac computers.

Security researchers claim to have discovered the new malware, which is able to bypass Apple security.

The malware affects all current versions of MacOS and OS X and is invisible to most antivirus products.

The new malware, dubbed OSX/Dok, was discovered by cyber security firm CheckPoint.

Once installed on a device, OSX/Dok gives hackers near total control of your machine, including encrypted data.

It is also able to bypass Apple security as it is assigned with a valid developer certificate of authentication by Apple, meaning that it is not flagged by Apple’s own Gatekeeper tool which checks on the validity of installed apps.

The OSX/Dok is infecting users via a targeted phishing campaign, which is appears to be specifically targeting Mac users in Europe.

The email tricks users into downloading the malicious attachment which contains the malware.

Mac Malware

Image: CheckPoint

Once downloaded the malware installs itself on the machine.

The Mac malware then displays a fake pop up informing them that there is a security issue with their device and that they need to install a MacOS update.

In order to download the new update, they need to enter the login details to their system, the fake pop up claims.

However, by entering their system password they inadvertently grant the malware administrator access to their computer.

With administrator access the malware then hijacks all the victim’s internet traffic by carrying out what is known as a man-in-the-middle attack, direct the victim’s web traffic to a proxy that enables the attacker to see everything that is being accessed online.

Because it can bypass Apple’s Gatekeeper security due to it having its own developer certificate, it means that it is difficult for antivirus software to spot.

However, this means that it should also be fairly straightforward for Apple to kill, as once it is able to identify the certificate, it can invalidate it which means it will be automatically blocked by Gatekeeper.

The latest discovery of Mac malware comes as data released last month by McAfee revealed attacks on Mac computers were up 744 percent in 2016.

It should also act as reminder to be cautious when opening email attachments regardless of where they come from.


Comments are closed.