Apple users are being warned about a newly discovered form of Mac malware which is spread via a phishing attack and steals banking credentials.
The malware, dubbed OSX/Dok, was discovered by researchers from Check Point Security and mirrors the websites of some of the world's leading banks in an attempt to steal money from users.
The malware is being spread via a combination of phishing and so-called man-in-the-middle attacks.
Security experts say the Mac malware is extremely difficult to detect as it is able to bypass Apple's stringent security measures and spy on all communications from the victim.
Check Point said they have seen a recent surge in the malware being used by hackers who are currently playing a game of cat and mouse with Apple.
Check Point says the hackers are purchasing dozens of Apple certificates to sign the application bundle and bypass Gatekeeper. As soon as Apple revokes one of the certificates, the hackers switch to another, with new certificates being used on a daily basis.
"They are aiming at the victim's banking credentials by mimicking major bank sites. The fake sites prompt the victim to install an application on their mobile devices, which could potentially lead to further infection and data leakage from the mobile platform as well," Check Point said in a blog post.
Once the malware has been installed on a device it downloads the Tor browser and starts to communicate with servers controlled by the hackers. It then records the location of the infected device and customises the fake banking page depending on the location of the victim, making the attack even more convincing.
Image: Check Point. The very convincing but fake banking page in use by OSX/Dok
The malware then asks victims to log in to the fake banking page with their banking credentials and also asks for their mobile number to set up SMS authentication.
Victims are then tricked into downloading a malicious app and the Stack encrypted messaging app.
It is not known why victims are made to download Stack, but Check Point researchers speculate that it could be used by the hackers to commit more fraud at a later date.
Whatever the goal may be, Signal will possibly make it harder for law enforcement to trace the attacker.
Alternatively, the perpetrator might be using Signal temporarily, to acquire install rate statistics and prove the method is working, while planning to install a malicious mobile application with future victims at a later time.
"Unfortunately, the OSX/Dok malware is still on the loose and its owners continue to invest more and more in its obfuscation by using legitimate Apple certificates," Check Point researchers wrote.
The fact that the OSX/Dok is ported from Windows may point to a tendency. We believe more Windows malware will be ported to macOS, either due to the lower number of quality security products for macOS compared to the ones for Windows, or the rising popularity of Apple computers.
Jonathan is our Google Nexus and Android enthusiast. He is also fanatical about football, which makes it all the more strange that he should support Stockport County. In addition to writing about tech, Jonathan has a passion for fitness and nutrition and has previously written for one of the UK's leading watch and horology websites.