More Malware - IT Services Tampa - DataCorps Technology Solutions


We've been warning our Tampa clients about WannaCry, but here's one for the Mac users:

Researchers from Check Point Software Technologies have identified a new strain of malware dubbed OSX/Dok that has been found infecting macOS users. The malware has so far been seen mostly in Europe, where the effect of WannaCry has been felt most heavily, and is being spread primarily via phishing campaigns, using emails spoofed to appear as though they're coming from official sources.

One example recently discovered by the research team appears to come from the Swiss Government, warning recipients that there were errors in their tax returns. Attached to this email is a file called “Dokument.zip.”

Where WannaCry exploited weaknesses in Windows, this threat exploits weaknesses in the Mac platform.

One of the intriguing things about the malware is that it's digitally signed with a valid Apple developer's certificate. These certificates are only issued to registered developers, and they matter because they're required in order to publish apps in the official Mac App Store. They also matter because a valid signature means the software can be installed without triggering the security warnings that would normally require a manual override.

All it takes to install the malicious code is to unzip the file. Once it's unzipped, the software modifies the infected Mac's network settings and reroutes web traffic through a proxy server located somewhere on the Tor network. A Tor client is installed automatically in the background when the file is unzipped.
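Because the behaviour described above leaves a visible trace in the system proxy settings, a defender can check for it. The following is an added example, not code from the original post or from Check Point: it parses the text printed by the real macOS commands `networksetup -getwebproxy`, `-getsecurewebproxy` and `-getautoproxyurl`, and flags any enabled proxy or PAC (automatic proxy configuration) URL that does not point at an allowlisted host, calling out loopback addresses, which mean a process on the machine itself is relaying the traffic. The allowlist, the sample command output, and the loopback address and port in it are constructed for illustration and are not indicators taken from any real sample.

```python
"""Audit macOS system proxy settings for signs of hijacked web traffic.

Added example. The sample outputs below are constructed in the format that
`networksetup -getwebproxy`, `-getsecurewebproxy` and `-getautoproxyurl` print.
"""
import ipaddress
import platform
import subprocess
from urllib.parse import urlsplit

# Proxy hosts the organisation legitimately uses (constructed example value).
ALLOWED_PROXY_HOSTS = {"proxy.corp.example"}

# Constructed samples: a hijacked-looking configuration and a clean one.
SAMPLE_WEBPROXY = """Enabled: Yes
Server: 127.0.0.1
Port: 8080
Authenticated Proxy Enabled: 0
"""
SAMPLE_PROXY_OFF = """Enabled: No
Server:
Port: 0
Authenticated Proxy Enabled: 0
"""
SAMPLE_AUTOPROXY = """URL: http://127.0.0.1:8080/proxy.pac
Enabled: Yes
"""
SAMPLE_AUTOPROXY_OFF = """URL: (null)
Enabled: No
"""


def parse_networksetup(output: str) -> dict:
    """Turn the 'Key: Value' lines networksetup prints into a dict."""
    settings = {}
    for line in output.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            settings[key.strip()] = value.strip()
    return settings


def loopback_note(host: str) -> str:
    """Return a warning suffix when the proxy host is the machine itself."""
    try:
        is_loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        is_loopback = host == "localhost"
    return " (loopback: a local process is relaying traffic)" if is_loopback else ""


def audit_proxy(service: str, web: dict, secure: dict, autoproxy: dict,
                allowed_hosts=ALLOWED_PROXY_HOSTS) -> list:
    """Return findings for one network service; an empty list means clean."""
    findings = []
    for name, cfg in (("HTTP proxy", web), ("HTTPS proxy", secure)):
        server = cfg.get("Server", "")
        if cfg.get("Enabled") == "Yes" and server not in allowed_hosts:
            findings.append(f"{service}: {name} enabled via "
                            f"{server}:{cfg.get('Port')}{loopback_note(server)}")
    if autoproxy.get("Enabled") == "Yes":
        url = autoproxy.get("URL", "")
        host = urlsplit(url).hostname or ""
        if host not in allowed_hosts:
            findings.append(f"{service}: PAC enabled from {url}{loopback_note(host)}")
    return findings


def audit_live_service(service: str = "Wi-Fi") -> list:
    """Query the running Mac; networksetup does not exist on other platforms."""
    if platform.system() != "Darwin":
        raise RuntimeError("networksetup is only available on macOS")

    def run(flag: str) -> str:
        return subprocess.run(["networksetup", flag, service],
                              capture_output=True, text=True, check=True).stdout

    return audit_proxy(service,
                       parse_networksetup(run("-getwebproxy")),
                       parse_networksetup(run("-getsecurewebproxy")),
                       parse_networksetup(run("-getautoproxyurl")))


def demo() -> list:
    """Run the audit over the constructed hijacked-looking samples."""
    return audit_proxy("Wi-Fi",
                       parse_networksetup(SAMPLE_WEBPROXY),
                       parse_networksetup(SAMPLE_PROXY_OFF),
                       parse_networksetup(SAMPLE_AUTOPROXY))


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real Mac, `audit_live_service("Wi-Fi")` runs the three commands and applies the same checks; run it once per network service listed by `networksetup -listallnetworkservices`. A proxy or PAC URL pointing at 127.0.0.1 is not proof of compromise on its own (some legitimate security tools proxy locally), so the findings are meant as a triage signal to compare against what your IT team has deliberately configured.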

From there, every move you make on the web is monitored, and your activity is reported in real time to whoever controls the software, allowing the hackers to steal a variety of personal data and logins.

How did this happen?

What isn't known at this time is whether the hackers provided false credentials and paid to get a developer's certificate, or whether they stole one from an innocent third party. In either case, this new strain of malware is one of the most advanced that security professionals have ever seen, and although Apple has patched its OS to nullify this threat, researchers warn that there may well be other strains of this code that remain undetected.

The moral of the story, as always, is to remain constantly vigilant in your online life. Don't open attachments you weren't expecting to receive. Pick up the phone and call the person who sent you an attachment to confirm it is legitimate. Hover over links to see where they lead before clicking on them. Call your IT support team to ensure your security patches are up to date. And MOST IMPORTANTLY: train your staff in safe internet practices.

Stay safe out there!