Yet Another Mac Malware Infection Identified

May 23, 2017 | March 1st, 2023 | Cybersecurity

Researchers from Check Point Software Technologies have identified a new strain of malware dubbed OSX/Dok that has been found infecting macOS users. The malware has been found mainly in Europe and is being spread primarily via phishing campaigns, using emails spoofed to appear as though they’re coming from official sources.

One example recently discovered by the research team appears to come from the Swiss Government, warning recipients that there were errors in their tax returns. Attached to this email is a file called “”

One of the intriguing things about the malware is that it’s digitally signed with a valid Apple developer’s certificate. These certificates are only issued to certified developers, and they’re important because they’re required in order to publish apps in the official Mac App Store. They also matter because software signed with one can be installed without triggering the security errors that would normally require a manual override.

All it takes to install the malicious code is to unzip the file. Once it’s unzipped, the software will modify the infected Mac’s network settings and reroute web traffic through a proxy server located somewhere on the Tor network. A Tor client is installed automatically in the background when the file is unzipped.

From there, every move you make on the web is monitored, and your activity is reported in real time to whoever controls the software, allowing the hackers to steal a variety of personal data and logins.
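Because the malware works by changing the system's proxy settings, one defensive check is to list which proxies are enabled and compare them with the ones you expect. The script below is an added example, not code from Check Point or the original article: it parses the output of macOS `scutil --proxy`, and the sample output, hostnames and approved list in it are constructed assumptions.

```python
import re
import subprocess

# Constructed sample in the format printed by `scutil --proxy` on macOS.
# Hosts and ports are made-up illustration values, not indicators from the article.
SAMPLE = """<dictionary> {
  ExceptionsList : <array> {
    0 : *.local
  }
  HTTPEnable : 0
  HTTPSEnable : 1
  HTTPSPort : 8080
  HTTPSProxy : proxy.corp.example
  ProxyAutoConfigEnable : 1
  ProxyAutoConfigURLString : http://unexpected.example/proxy.pac
  SOCKSEnable : 0
}
"""

# (enable flag, key holding the destination) for each proxy mechanism
MECHANISMS = [
    ("HTTPEnable", "HTTPProxy"),
    ("HTTPSEnable", "HTTPSProxy"),
    ("SOCKSEnable", "SOCKSProxy"),
    ("ProxyAutoConfigEnable", "ProxyAutoConfigURLString"),
]

def parse_scutil(text):
    """Return the 'Key : value' pairs as a dict (numbered array entries are skipped)."""
    pairs = re.findall(r"^[ \t]*([A-Za-z]+) : (.+?)[ \t]*$", text, re.MULTILINE)
    return dict(pairs)

def enabled_proxies(text):
    """Map each enabled mechanism's destination key to its host or PAC URL."""
    cfg = parse_scutil(text)
    return {dest: cfg.get(dest, "") for flag, dest in MECHANISMS if cfg.get(flag) == "1"}

def unexpected_proxies(text, approved):
    """Enabled proxy settings whose destination is not in the approved set."""
    return {k: v for k, v in enabled_proxies(text).items() if v not in approved}

def live_config():
    """On a Mac, read the current settings (not used for the sample run)."""
    return subprocess.run(["scutil", "--proxy"], capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    approved = {"proxy.corp.example"}  # assumption: the proxies your organisation actually uses
    for key, dest in unexpected_proxies(SAMPLE, approved).items():
        print(f"unexpected proxy setting: {key} -> {dest}")
```

On a Mac, pass `live_config()` instead of `SAMPLE`; with no proxy configured, nothing should be reported.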

What isn’t known at this time is whether the hackers provided false credentials and paid to get a developer’s certificate, or whether they stole one from an innocent third party. In either case, this new strain of malware is one of the most advanced that security professionals have ever seen, and although Apple has patched their OS to nullify this threat, researchers warn that there may well be other strains of this code that remain undetected.

Jason Manteiga