TechAdvisory.org

Technology Advice for Small Businesses

Old Mac malware gets a facelift

In yet another sign that Apple computers are no longer being ignored by hackers, a successful piece of Windows-based malware has been rewritten for macOS. Instead of encrypting data and holding it for ransom, OSX.Dok skips the extortion and simply steals your bank account information. Read on to learn what you can do to prevent an infection.

OSX.Dok isn’t new, but it has been improved

Originally, this Mac-based malware looked very different. When OSX.Dok was first reported several months ago, it could infect only older versions of the Apple operating system. Besides being limited to OS X, it did little more than spy on the internet history of its victims. More recently, however, OSX.Dok was updated to target the newer macOS and to steal banking information.

How does it work?

Like so many malware programs today, this particular threat is distributed via phishing emails. Because the end goal is to acquire private financial information, these emails pretend to have pressing information about taxes or bank statements stored in attachments that actually contain malicious software.

Once one of these attachments is opened, OSX.Dok secretly broadcasts information about the computer and its location to the malware’s authors. Based on that information, hackers can redirect victims who visit banking websites to copycat URLs tailored to their language and location. Almost everything on the copycat sites looks exactly the same, but when you submit your user ID and password, they go straight to the hackers.

Worst of all, the latest version of this malware seems to be incredibly advanced. It actively changes the way it hides itself and even modifies system settings to keep the computer from checking for operating system and security updates.

What can I do?

Security experts are still working on a way to combat OSX.Dok, but believe that it will remain a problem for some time to come. For now there are a few things you can do:

Never open attachments from people you don’t know personally, and even then be wary of anything you weren’t expecting.
Pay attention to little details. For example, copyright dates at the bottom of fake banking sites only went to 2013.
Look closely at the lock to the left of URLs in your address bar. Fake websites may have security certificates with names slightly different from those of the sites they mimic.
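The last check above, comparing the name on the site's certificate with the address you typed, can be automated. The script below is an added example and is not part of the TechAdvisory.org article or of any vendor's tooling. All domain names and certificate name lists in it are constructed for illustration; fetch_san_names() is the only function that touches the network, and it is not needed for the offline checks.

```python
"""Compare a site's TLS certificate names with the hostname in the address bar.

Added example, not from the original article. Domain names are constructed.
"""
from __future__ import annotations

import socket
import ssl
from urllib.parse import urlparse


def fetch_san_names(hostname: str, port: int = 443, timeout: float = 5.0) -> list[str]:
    """Connect to a live server and return the DNS names its certificate carries.

    Needs network access; the offline checks below use constructed lists instead.
    Hostname checking is disabled here only so the mismatch can be reported by
    assess() rather than raised as an exception.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(hostname: str, cert_name: str) -> bool:
    """RFC 6125-style comparison: exact match, or one leftmost wildcard label."""
    host = hostname.lower().rstrip(".")
    name = cert_name.lower().rstrip(".")
    if not name.startswith("*."):
        return host == name
    # A wildcard covers exactly one label and never the parent domain itself.
    suffix = name[1:]  # "*.online.bank.example" -> ".online.bank.example"
    if not host.endswith(suffix):
        return False
    prefix = host[: -len(suffix)]
    return bool(prefix) and "." not in prefix


def certificate_covers(hostname: str, san_names: list[str]) -> bool:
    """True if any DNS name in the certificate matches the hostname."""
    return any(name_matches(hostname, n) for n in san_names)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to flag names that are only slightly different."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(url: str, san_names: list[str]) -> str:
    """Return 'ok', 'lookalike' or 'mismatch' for a URL and a certificate's DNS names."""
    hostname = urlparse(url).hostname or ""
    if certificate_covers(hostname, san_names):
        return "ok"
    # Drop wildcard prefixes before measuring how close the names are.
    bare = [n.lstrip("*.") for n in san_names]
    if any(edit_distance(hostname, n) <= 3 for n in bare):
        return "lookalike"
    return "mismatch"


# Constructed sample certificate name lists (not real sites or real certificates).
GENUINE_SANS = ["bank.example", "www.bank.example", "*.online.bank.example"]
COPYCAT_SANS = ["bank.exarnple", "www.bank.exarnple"]  # "rn" standing in for "m"

if __name__ == "__main__":
    for url, sans in [
        ("https://www.bank.example/login", GENUINE_SANS),
        ("https://www.bank.example/login", COPYCAT_SANS),
    ]:
        print(url, "->", assess(url, sans))
```

Browsers perform the exact-match part of this comparison already; what they do not do is tell you that the certificate name is a near miss for the site you meant to visit, which is the case the article describes. The three-character threshold in assess() is an arbitrary choice for the example, not a standard.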

The best way to stay ahead of threats like OSX.Dok is by partnering with a capable IT provider. That way you can be sure that you have all the latest software and hardware to keep you safe. Even if something managed to slip through, regular audits are sure to find infections sooner than an overburdened in-house team would. Call us today to find out how we can protect you!