Home / Malware / Apple blocks comms-snooping malware – The Register

Apple blocks comms-snooping malware – The Register

Apple has moved to thwart a malware attack that used a legitimate – probably hijacked – developer certificate, by revoking the cert.

Check Point wrote up the malware last week, calling “OSX/Dok” “the first major scale malware to target OSX users via a coordinated email phishing campaign”.

A hapless user who okayed all the stages of infection would end up having all their communications snooped – even HTTPS sessions encrypted with SSL.

The malware installation process included a legitimate-looking “your computer has a security problem” window that opened on top of all other windows, which Check Point captured:

The fake update alert

The fake nagware dialogue

If a user relents and okays the dialogue, the malware gets admin privileges, installs the Brew package manager, installs Tor and SORCAT, and forces the user’s connections through a proxy for snooping. The traffic interception is supported by the Comodo certificate installed by the malware.

The purloined certificate recorded by Check Point

According to Kaspersky’s Threatpost, Apple revoked the certificate on Sunday, US time, and also dropped an update to its XProtect anti-malware software. ®


Source link

About admin

Check Also

Valve Patches Security Flaw That Allows Installation of Malware via Steam Games – BleepingComputer

A vulnerability in Valve’s Source SDK, a library used by game vendors to support custom …

Leave a Reply

Your email address will not be published. Required fields are marked *