Posted on 04/28/2017 10:21:46 AM PDT by Swordmaker
We learned recently that macOS malware grew by 744% last year, though most of it fell into the less-worrying category of adware.
However, a newly-discovered piece of malware (via Reddit) falls into the ‘seriously nasty’ category able to spy on all your Internet usage, including use of secure websites.
Security researchers at CheckPoint found something they’ve labelled OSX/Dok, which manages to go undetected by Gatekeeper and stops users doing anything on their Mac until they accept a fake OS X update …
OSX/Dok does rely on a phishing attack as its initial way in. Victims are sent an email claiming to be from a tax office regarding their income tax return, asking them to open an attached zip file for details. This should, of course, immediately ring alarm bells: no one should ever open a zip file they aren’t expecting, even if it seems to be from a known contact.
But after that, the approach taken by the malware is extremely clever. It installs itself as a Login Item called AppStore, which means it automatically runs each time the machine is booted. It then waits for a while before presenting a fake macOS update window.
The victim is barred from accessing any windows or using their machine in any way until they relent, enter the password and allow the malware to finish installing. Once they do, the malware gains administrator privileges on the victim’s machine […]
The malware then changes the victim system’s network settings such that all outgoing connections will pass through a proxy, which is dynamically obtained from a Proxy AutoConfiguration (PAC) file sitting on a malicious server.
This means that literally everything you do on the Internet, even accessing secure servers using https connections, will pass through the attacker’s proxy. A bogus security certificate is also installed, allowing the attacker to impersonate any website without being flagged.
As a result of all of the above actions, when attempting to surf the web, the user’s web browser will first ask the attacker’s web page on TOR for proxy settings. The user’s traffic is then redirected through a proxy controlled by the attacker, who carries out a Man-in-the-Middle attack and impersonates the various sites the user attempts to surf. The attacker is free to read the victim’s traffic and tamper with it in any way they please.
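The PAC-based redirect described above leaves traces a defender can check for. The following triage script is an added example, not code from the article or from CheckPoint's research: it parses constructed sample output of the real macOS commands `networksetup -getautoproxyurl` and `osascript` (login items) and a constructed PAC body, and flags the conditions the article describes (an enabled remote PAC, a login item named AppStore, a PAC with no DIRECT branch). The `.onion` host and port are placeholders, not indicators from the report.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of `networksetup -getautoproxyurl Wi-Fi` on an affected Mac
# (placeholder host, not a real indicator).
AUTOPROXY_SAMPLE = "URL: http://EXAMPLE-PLACEHOLDER.onion:5555/proxy.pac\nEnabled: Yes\n"

# Constructed sample of:
# osascript -e 'tell application "System Events" to get the name of every login item'
LOGIN_ITEMS_SAMPLE = "iTunesHelper, AppStore, Dropbox"

# Constructed PAC body: every request, https included, goes to one proxy.
PAC_SAMPLE = ('function FindProxyForURL(url, host) '
              '{ return "PROXY EXAMPLE-PLACEHOLDER.onion:5555"; }')


def parse_autoproxy(text):
    """Turn networksetup's 'URL: ...' / 'Enabled: Yes|No' lines into a dict."""
    fields = dict(re.findall(r"^(URL|Enabled):\s*(.*)$", text, re.M))
    return {"url": fields.get("URL", "").strip(),
            "enabled": fields.get("Enabled", "").strip() == "Yes"}


def autoproxy_findings(text):
    """Flag an enabled PAC URL, especially one fetched over http or from a Tor hidden service."""
    cfg = parse_autoproxy(text)
    findings = []
    if not cfg["enabled"] or not cfg["url"]:
        return findings
    parts = urlsplit(cfg["url"])
    findings.append("auto-proxy (PAC) enabled: " + cfg["url"])
    if (parts.hostname or "").endswith(".onion"):
        findings.append("PAC host is a Tor hidden service")
    if parts.scheme == "http":
        findings.append("PAC fetched over plaintext http")
    return findings


def login_item_findings(text, suspicious=("AppStore",)):
    """Return login items whose names match the ones the article associates with OSX/Dok."""
    names = [n.strip() for n in text.split(",") if n.strip()]
    return [n for n in names if n in suspicious]


def pac_findings(pac_js):
    """A PAC that never returns DIRECT sends all traffic, https included, through the proxy."""
    if "PROXY" in pac_js and "DIRECT" not in pac_js:
        return ["PAC routes every request through a proxy (no DIRECT branch)"]
    return []


if __name__ == "__main__":
    for f in (autoproxy_findings(AUTOPROXY_SAMPLE)
              + login_item_findings(LOGIN_ITEMS_SAMPLE) + pac_findings(PAC_SAMPLE)):
        print("FINDING:", f)
```

On a real Mac, feed the script the live output of the two commands for each network service listed by `networksetup -listallnetworkservices`.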
The reason Gatekeeper doesn’t block the malware in the first place is that it has a valid developer’s certificate. This should make it easy for Apple to address, by revoking the certificate, but it would of course be set in motion again if the attackers can gain access to another certificate.
[[Nasty Mac malware bypasses Gatekeeper, undetectable by most antivirus apps]]
PHEW! Thank goodness I have a Windows computer then.
Except many Windows viruses cause users to bypass Windows altogether by buying Macs. The problem of thousands of Windows viruses is then no longer a problem.
Yeah, I was just kidding. I actually run Linux, and only use Windows in an offline environment in a dual-boot configuration; my Linux install is my online OS.
Apple has underinvested in their OS for years. Considering they have a locked-in hardware base, it should be pretty simple to keep ahead of the threats. Those massive profits come at a price.
I’ve been running Linux in some form since 1994. I seldom ever boot a Windows machine, and almost never a Mac machine.
I’ve never had malware on a Linux computer.
Now there is a risk of a rootkit, but that can happen with the other OSes too.
The rootkits in Linux, though, are very, very scarce, unlike Windows viruses, which are everywhere. I’m far less concerned about getting viruses in Linux than I was running Windows (although I had an awesome program called RollBackRX that was like System Restore on steroids: it could be accessed at boot and revert to before any virus hit, a complete restore with no trace of the virus afterwards). But I got sick of doing searches, going to sites you thought would be fine, like a PC-oriented site, only to get redirected to another site full of viruses and auto-downloads, and constantly having to guard against viruses and worrying about emails, etc. The peace of mind with Linux has been a godsend, really.
I only dual boot to Windows to use Photoshop and some processing apps within Photoshop for photography purposes, and to run Windows-only games.
I never looked into Macs. I thought about it a few times because of all the heavy processing I do in Photoshop, but I was just always comfortable with what I knew. Too old to learn new stuff, lol.
I ran a catalog/advertising department for 5-1/2 years for a wholesale distributor. I lived in a spreadsheet and in graphics software.
I quit using Adobe; I had several versions of Adobe Suite. I found I could do the same job I needed to do with GIMP and use only one app. No Bridge thingie. (Bridge = BLOAT)
I used ImageMagick for mass image processing. I did it daily as I made changes and added images. (47,000 items in the warehouse.)
Now I seldom need anything I don’t have in Linux. I have the knobs screwed down pretty tight for web use.
I have been told repeatedly on this forum by very loud and rude posters that Macs don’t have security issues.
So this, and other recent stories, are false..... :-O
The time of the Mac being the best at anything is long past. It’s a platform now for the old dogs not wanting to learn new tricks.
Okie hasn't a clue what he's blathering about in Apple threads. He's here to spread disinformation.
It is. To install something in the booting Startup Items, which is a protected Library in OS X and macOS, still requires an Administrator password. It won't happen without the user's stupid complicity. It takes industrial-strength stupidity to give a ZIP FILE an administrator's name and password when it unzips. It will be as obvious as all hell that something that should NOT BE ALLOWED is going on.
About the only people I can think of that might be susceptible to this are those who are running as an Administrator and they would STILL have to provide their administrator password, not just click "Yes" when prompted as on the other popular system.
In addition, that screen that comes up looks absolutely NOTHING like a normal Apple update screen. That alone is enough to alert any normally alert Mac user, especially since it gives the user no choice in the matter. Apple always gives the user a choice. Pull the plug and then reboot. Find out what's wrong. It's easy to get rid of: simply delete the bogus "AppStore" file from the Startup folder in the Library. Done.
Thank you! Always good to be reminded of safety basics such as not opening a zip file.
I was thinking about diving into modern Linux with some of my older PCs. I haven't worked with Linux since the late 1990s; I abandoned it because of problems with hardware and trying to get around them. Since it's more mature now, maybe I'll dive in and put it on some PCs that I have (up through 2008 PCs). The Mac environment is my main daily thing now; I used to administer Windows/NT and Unix machines.