Dok Malware is the Disease that Ails You

Currently, there is NO cure...

Malware, and specifically ransomware, is probably the most compelling reason I know of to completely abandon personal computing. Depending on where you are, what bug(s) you get, and how badly it affects you, I can totally understand the urge some people must feel to leave the computer age behind. Ransomware is the type of computer virus that encrypts your hard drive, leaving you no way of recovering your data unless and until you cough up a payment or two to a hacker, who is then supposed to send you a key that removes the encryption and lets you recover your data. It can be especially damaging if you don’t have the data backed up, or if your backup(s) also get infected. Infections like these are especially harmful to small businesses that simply don’t have the cash or resources to remove the infection or pay the ransom.

In order to prevent infections like these, regardless of what operating system or computer type you use, it’s highly recommended that you use a reputable malware scanner. Like I said… anyone can get malware… (Part 1, Part 2). Problems start when the malware scanner you’re using can’t detect the latest, greatest bug to be declared in the wild. Case in point: Dok is the latest critter to move into the macOS space. It targets ALL versions of OS X and macOS, and it will take complete control of your Mac if you let it.

Before we go any further, there is a silver lining to this massive, malware cloud of doom – it’s a phishing attack that requires the user to open a ZIP archive that’s attached to an email message. This should be a warning sign to just about everyone – opening ZIP attachments in an email is likely NOT a good idea, regardless of where they’re coming from or who is sending them.

So, what exactly is phishing? According to Wikipedia, phishing is

“the attempt to obtain sensitive information such as usernames, passwords, and credit card details (and, indirectly, money), often for malicious reasons, by disguising as a trustworthy entity in an electronic communication. [Phishing] is a neologism created as a homophone of fishing due to the similarity of using bait in an attempt to catch a victim.”

Most phishing attempts occur via email or instant messaging (so you have to be careful with IM apps as well…), and the “attack” occurs when you open a specific attachment or open an active web page that executes code that directs you to enter personal information onto a page that looks and feels like the real thing. Phishing messages are often sent by impostors imitating auction sites, credit card and bank sites, online payment processing sites, or an “IT administrator” from any of those places. The idea is to fool you into thinking that the website or service you’re using/viewing is legitimate so the hacker can install or execute some other program that will steal financial or other information from you and provide them with financial gain.

The best and worst thing about phishing attacks is that most users can prevent them by not clicking on suspicious links or opening dubious email attachments sent from people or places you don’t know or recognize or aren’t expecting to receive messages from.

According to Check Point Software, a leading antimalware software publisher, Dok isn’t detectable by any malware scanner from any vendor as of this writing. While this is likely to change quickly, it still represents a huge problem. Dok is signed with a developer certificate. This means that your Mac will allow it to install despite having Gatekeeper active: Gatekeeper only blocks code that isn’t signed, and that signed developer cert is authenticated by Apple. Because of THAT, opening a ZIP file on your Mac could be risking infection.

Once Dok is installed on your Mac, the malware has elevated privileges that give it access to all of your communications, even those sent over SSL connections, by redirecting all of your traffic through a malicious proxy server. All of your traffic will be monitored, and the person(s) monitoring that data can look through the details, saving what they want. This information could include credentials for the financial and other PII-based accounts you opened while infected.
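An added example, not code from the original post or from Check Point, that checks a Mac for the two things described above: whether Gatekeeper is on (remember that a signed app passes it anyway) and whether any proxy, including an auto-proxy/PAC URL, has been switched on for any network service. It assumes macOS with the stock `networksetup` and `spctl` tools, and only reports; it removes nothing.

```shell
#!/bin/sh
# Defensive audit for the two behaviours the post describes: Dok passes
# Gatekeeper because it is signed, then routes traffic through a proxy.
# Assumes macOS with `networksetup` and `spctl`; on other systems it only
# prints a notice.

# True (exit 0) when a block of `networksetup -get*proxy*` output reports
# an enabled proxy. Takes the text as an argument so it can be exercised
# with constructed samples.
proxy_enabled() {
    printf '%s\n' "$1" | grep -q '^Enabled: Yes'
}

# Walk every network service and every proxy type (HTTP, HTTPS, SOCKS,
# auto-proxy/PAC URL). Prints findings; returns 1 if any proxy is on.
audit_proxies() {
    rc=0
    # First line of the listing is a banner; a leading '*' marks a disabled service.
    services=$(networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//')
    old_ifs=$IFS
    IFS='
'
    for svc in $services; do
        for kind in webproxy securewebproxy socksfirewallproxy autoproxyurl; do
            out=$(networksetup "-get$kind" "$svc" 2>/dev/null)
            if proxy_enabled "$out"; then
                echo "FINDING: $kind is enabled on '$svc' (expected off unless you set it):"
                printf '%s\n' "$out" | sed 's/^/    /'
                rc=1
            fi
        done
    done
    IFS=$old_ifs
    return $rc
}

# Gatekeeper state. It only blocks unsigned code; a valid developer
# signature, as the post notes, is enough to pass it.
gatekeeper_status() {
    spctl --status 2>/dev/null || echo "spctl not available"
}

if command -v networksetup >/dev/null 2>&1; then
    echo "Gatekeeper: $(gatekeeper_status)"
    if audit_proxies; then
        echo "No proxy enabled on any network service."
    fi
else
    echo "networksetup not found; this audit is for macOS."
fi
```

A proxy you did not configure yourself, especially one pointing at localhost or an unfamiliar host, is the kind of setting to investigate before typing any password.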

The best way to keep yourself infection-free at this point is to stay uninfected. In other words, don’t open any ZIP files from anyone. Period. Just delete the email. If you think the sender is a trusted party, email them back and make other arrangements to retrieve the attachments. Services like Dropbox, Google Drive and Microsoft OneDrive all have ways to send secure links to files you want to share with others. Look into those.

Additional information on Dok can be found at Check Point’s Advisories archive. If you’re running Check Point Antivirus R75 – R77, you can prevent unauthorized remote access by following these instructions. If you suspect you already have Dok, you need to take a look at this article by Lory Gil over at iMore. All the folks there are awesome, and this article is especially helpful.

As I mentioned earlier, the best way to keep yourself infection-free is to not open attachments in email, especially attachments from someone you don’t know, or unexpected attachments from someone you do know.

In the case of the latter, a quick phone call or text message asking if they did send you something can save you a huge headache. Err on the side of caution, kids. It’s better to be safe than sorry…

You should also make certain you’re running a good antimalware app. If you’re running macOS, you can find one here. If you’re running a Windows machine, you can find one here.
