Macs and other Apple products that run its proprietary operating system, Mac OS, used to be invulnerable to malware. However, that seems to have changed over the past few years, and now a brand new piece of malware is reportedly wreaking havoc on multiple Mac OS X machines across the globe. Users who have fallen victim to the proliferating new malicious software will apparently have their devices fully controlled by the group that unleashed it.

The dangerous new Mac menace

The new malware, called OSX/Dok, can be quite devastating for those who actually let it onto their systems. Note that it is not automatic: it cannot install itself without a specific action from the target user.


The malware arrives as an email attachment in the form of a .zip file, which may be named "Dokument.zip."

How it works

Clicking or opening the attachment automatically triggers the installation of several programs and a couple of changes to the network settings that essentially allow its creators to fully access the data coming in and out of the device. This works even with encrypted data sent over SSL. All of the user's outbound traffic is apparently redirected through a custom proxy server, where the creators can then pick out specific data such as credit card information, telephone numbers, bank account details, emails, passwords, and other important personal information.


How to prevent it

Obviously, disregarding emails from unknown sources is the first line of defense. The same goes for clicking on unsolicited attachments, especially when they come from unknown or suspicious email addresses that look like they have been randomly generated. Immediately deleting these types of emails is probably also the best advice, and having a good security suite might also help. Currently, the malware can bypass some anti-malware software such as VirusTotal, and it can also bypass Gatekeeper without problems.

What to do if you've already clicked the attachment

Removing the malware from Mac OS X involves a number of steps that may require some familiarity with the operating system. First and foremost, the malicious proxy configuration must be deleted. This is done in the Network settings, under the Proxies tab and then Automatic Proxy Configuration.

Next is removing the two installed Launch Agents located in the "Library" folder. The files are "com.apple.Safari.proxy.plist" and "com.apple.Safari.pac.plist." The last step is to delete the fake signed Apple Developer certificate, which can be found in Keychain Access (under the "Utilities" folder). The certificate is named "COMODO RSA Secure Server CA 2."
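The three artefacts listed above (the automatic proxy configuration, the two Launch Agent plists and the rogue certificate) are exactly what a quick read-only audit should look for before and after the manual cleanup. The script below is an added example written for this article, not code from the article or from any vendor: it checks each indicator using the names the article gives. The `networksetup -getautoproxyurl` and `security find-certificate` invocations are the standard macOS tools as I know them; the network service name "Wi-Fi", the user-level `~/Library/LaunchAgents` path and the sample outputs in `demo_fixture` are assumptions or constructed data so the checks can be exercised on any machine.

```shell
#!/bin/sh
# Added example: read-only audit for the OSX/Dok indicators named in the
# article. Nothing is deleted; findings are printed so the user can then
# follow the manual removal steps.

# Launch Agent file names the article attributes to OSX/Dok.
DOK_PLISTS="com.apple.Safari.proxy.plist com.apple.Safari.pac.plist"
# Certificate name as given in the article.
DOK_CERT="COMODO RSA Secure Server CA 2"

# check_launch_agents DIR -> 0 if any Dok plist exists in DIR, else 1
check_launch_agents() {
    hit=1
    for name in $DOK_PLISTS; do
        if [ -e "$1/$name" ]; then
            echo "FOUND launch agent: $1/$name"
            hit=0
        fi
    done
    return $hit
}

# check_pac_setting TEXT -> 0 if TEXT (output of
#   networksetup -getautoproxyurl <service>) shows an enabled PAC URL, else 1
check_pac_setting() {
    case "$1" in
        *"Enabled: Yes"*)
            url=$(printf '%s\n' "$1" | sed -n 's/^URL: //p')
            echo "SUSPICIOUS automatic proxy configuration: $url"
            return 0 ;;
    esac
    return 1
}

# check_cert_listing TEXT -> 0 if a keychain listing mentions the Dok CA name
check_cert_listing() {
    case "$1" in
        *"$DOK_CERT"*) echo "FOUND certificate: $DOK_CERT"; return 0 ;;
    esac
    return 1
}

# audit_live [SERVICE]: run all three checks on this Mac. Returns 0 if clean,
# 1 if any indicator was found. Assumes the macOS tools are on PATH.
audit_live() {
    service="${1:-Wi-Fi}"          # assumed service name; adjust as needed
    clean=0
    check_launch_agents "$HOME/Library/LaunchAgents" && clean=1
    check_pac_setting "$(networksetup -getautoproxyurl "$service" 2>/dev/null)" && clean=1
    certs=$(security find-certificate -a -c "$DOK_CERT" 2>/dev/null; \
            security find-certificate -a -c "$DOK_CERT" /Library/Keychains/System.keychain 2>/dev/null)
    check_cert_listing "$certs" && clean=1
    return $clean
}

# demo_fixture: constructed inputs imitating an infected machine, so the
# checks can be seen firing without a Mac. Prints findings, then the hit count.
demo_fixture() {
    tmp=$(mktemp -d)
    : > "$tmp/com.apple.Safari.proxy.plist"
    : > "$tmp/com.apple.Safari.pac.plist"
    pac_out='URL: http://pac.example.invalid/proxy.pac
Enabled: Yes'                                     # constructed sample output
    cert_out='    "labl"<blob>="COMODO RSA Secure Server CA 2"'   # constructed
    hits=0
    check_launch_agents "$tmp" && hits=$((hits + 1))
    check_pac_setting "$pac_out" && hits=$((hits + 1))
    check_cert_listing "$cert_out" && hits=$((hits + 1))
    rm -rf "$tmp"
    echo "$hits"
}

# On a real Mac, audit the live system; elsewhere the functions are only defined.
if command -v networksetup >/dev/null 2>&1; then
    audit_live "${1:-Wi-Fi}" && echo "No OSX/Dok indicators found."
fi
```

Run it as `sh dok_audit.sh Wi-Fi` (or whichever network service name `networksetup -listallnetworkservices` reports). A clean machine prints only the final line; any hit names the artefact to remove by hand. The check functions take their input as arguments rather than calling the tools directly so the same logic can be pointed at a saved `networksetup` or `security` dump from another machine.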