
Mac malware signed with valid certificate reads HTTPS traffic

Mac users beware: researchers have found yet another reason to question the false sense of security some may have concerning Macs and viruses.

Check Point researchers spotted Mac OS X malware, dubbed OSX/Dok, that has been signed with an Apple signature and reads HTTPS traffic, Check Point lead researcher Ofer Caspi said in an April 27 blog post.

It is unclear how the malware's developers obtained the Apple signature, but that signature is why the malware has been able to bypass some native Apple protections. The malware could allow an attacker to intercept a victim's web communications, and worse.

The malware primarily targets European users, mainly in Germany and in Austria, and could allow an attacker to redirect victims to a remote proxy server controlled by its operator, where the attacker could steal banking credentials, hijack online accounts and leak sensitive information.

The malware was spread via phishing campaigns, and at the time it was detected and analyzed it was still flying under the radar of Apple and of other third-party security products, the researchers said.

The malware is bundled in a .zip file and, upon execution, copies itself into the /Users/Shared/ folder, then executes itself from the new location by running shell commands, the post said. The malware then displays a fake message claiming the package is damaged and can't execute.

The malware will then flash a series of false security screens until it displays a window on top of all the other screens that claims the user must enter their password to “update” the operating system. The user is barred from doing anything else until they enter the password and thereby grant the malware administrative privileges.
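As an added defensive example (not code from Check Point, SC Media or the OSX/Dok analysis), the script below audits a Mac for the two indicators the article names: a Mach-O payload dropped into /Users/Shared/ and web traffic forced through a proxy. It assumes the key/value layout that `scutil --proxy` prints on macOS; the sample output embedded in it is constructed for offline testing, and `proxy.example.invalid` is a placeholder, not a real indicator.

```python
"""Host audit for the two OSX/Dok indicators described above.

Added example, not Check Point's or SC Media's code. Assumes the
'Key : Value' line layout of `scutil --proxy`; the embedded sample is
constructed, not a capture from an infected machine.
"""
import os
import re
import subprocess
from typing import Dict, List

# Mach-O magic numbers: 32/64-bit in both byte orders, plus fat binaries.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca",
}


def is_macho(header: bytes) -> bool:
    """True if the first four bytes are a Mach-O or fat-binary magic."""
    return header[:4] in MACHO_MAGICS


def find_executables(folder: str) -> List[str]:
    """List Mach-O files under `folder`; /Users/Shared/ is the staging
    location the article describes, which normally holds no executables."""
    hits = []
    for root, _dirs, files in os.walk(folder):
        for name in files:
            path = os.path.join(root, name)
            try:
                with open(path, "rb") as fh:
                    if is_macho(fh.read(4)):
                        hits.append(path)
            except OSError:
                continue  # unreadable file, skip
    return hits


_LINE = re.compile(r"^\s*(\w+)\s*:\s*(.+?)\s*$")


def parse_scutil_proxy(text: str) -> Dict[str, str]:
    """Flatten `scutil --proxy` output into key -> value (assumed format;
    nested array entries such as '0 : *.local' also land in the dict)."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def proxy_findings(settings: Dict[str, str]) -> List[str]:
    """Flag any enabled proxy: a PAC URL or HTTP/HTTPS proxy pointing at a
    remote host is the mechanism for redirecting traffic to an interceptor."""
    findings = []
    if settings.get("ProxyAutoConfigEnable") == "1":
        findings.append("PAC enabled: " + settings.get("ProxyAutoConfigURLString", "?"))
    for scheme in ("HTTP", "HTTPS"):
        if settings.get(scheme + "Enable") == "1":
            host = settings.get(scheme + "Proxy", "?")
            port = settings.get(scheme + "Port", "?")
            findings.append(f"{scheme} proxy: {host}:{port}")
    return findings


# Constructed sample of scutil --proxy output with a PAC URL switched on.
SAMPLE_SCUTIL = """<dictionary> {
  ExceptionsList : <array> { 0 : *.local 1 : 169.254/16 }
  FTPPassive : 1
  HTTPEnable : 0
  HTTPSEnable : 0
  ProxyAutoConfigEnable : 1
  ProxyAutoConfigURLString : http://proxy.example.invalid/proxy.pac
}"""


def live_proxy_settings() -> Dict[str, str]:
    """Run scutil on a real Mac; returns {} where scutil is unavailable."""
    try:
        out = subprocess.run(["scutil", "--proxy"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return {}
    return parse_scutil_proxy(out)


if __name__ == "__main__":
    for path in find_executables("/Users/Shared"):
        print("executable in shared folder:", path)
    settings = live_proxy_settings() or parse_scutil_proxy(SAMPLE_SCUTIL)
    for finding in proxy_findings(settings):
        print("proxy finding:", finding)
```

Run it on the Mac being checked; on any other system it falls back to the constructed sample so the parsing path can still be exercised. A PAC URL or proxy you did not configure yourself is the signal worth chasing, together with any Mach-O file sitting in /Users/Shared/.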

One of the factors contributing to the campaign's success was users having a false sense of security, trusting that malware is the sole domain of Windows users and that Apple's native malware protections are bulletproof, Caspi told SC Media.

“As with any other platform, whether it's Windows, Android or Linux, security always starts with the person using it,” he said. “The new cyber reality does not leave room for complacence, users should always use better judgment while they are using any platform and any operating system.”
