According to the well-known security company Check Point, the macOS Trojan OSX/Dok is back, and this time it installs the Signal messenger while also stealing online banking credentials. The credential theft basically works without Signal, which is why the security experts assign the messenger app a different role: it may only serve as a placeholder for mobile attacks on the iPhone by fraudsters who want to steal banking data with the macOS Trojan OSX/Dok.
If you use an Apple Mac, iMac or MacBook for online banking, the OSX/Dok Trojan, which attacks Mac OS X and macOS, is one you do not want to run into.
As early as April 2017, Check Point pointed out in a post the Mac malware that attacks Apple users' data. Even then, the attackers' goal was to read the victims' communications, including, above all, those running over encrypted SSL connections. The goal of OSX/Dok is clearly data theft by spying on confidential information, email addresses and passwords. In addition, according to Check Point, the same problem exists now as in April: users of Apple Mac, MacBook and iMac in Europe are particularly affected.
Worth reading: Do I need antivirus software on the Mac or MacBook?
[...] the sneaky actors behind [the OSX/Dok malware] don't give up yet. They target the victim's banking credentials by mimicking sites from major banks.
Check Point made this known in a current article. In addition to spying on online banking login data, Mac users are prompted to install an app on their smartphone (iPhone). A QR code is provided for this in order to bypass authentication.
The app is currently the Signal messenger, which can take on the following roles:
Apple and its individual products, from the iMac and Mac to the MacBook, iPhone and iPad, have long been considered secure and invulnerable. Due to their growing popularity and number of users, cyber criminals are now making much more effort and finding ways to infiltrate the Mac as well. Viruses, malware, ransomware, Trojans and more are no longer just a problem for Microsoft Windows and PC users. For example, the attackers buy Apple certificates in order to evade Apple's Gatekeeper security feature.
In the linked post by Check Point you will find a comprehensive depiction of the fake page that the OSX/Dok malware displays when the victim wants to use Credit Suisse online banking. This bank is only one example; in addition to banks in Switzerland, Germany and Austria, other banking sites in Europe are or may be affected. In any case, the fake page shows a message about the "modernization of the security system" and asks you to install the mobile application:
The pages are alike as two peas in a pod; even the current security notice on the real Credit Suisse page, which warns about phishing e-mails, has been copied. However, here are three characteristics by which you can recognize a fake online banking site related to the Mac Trojan:
| | Real Credit Suisse site | Fake site for data theft |
|---|---|---|
| SSL certificate | "Credit Suisse Group AG (CH)" | "Secure" |
| Authentication token in URL | "Auth?~..." | "Auth?Language=..." |
| Years in copyright | 1997-2017 | 1997-2013 |
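As an added example (not code from Sir Apfelot or Check Point), here is a small Python check that applies the three indicators from the table above; the domain, certificate text and page snippets are constructed for illustration only:

```python
import re
from urllib.parse import urlparse, parse_qs

# Reference values for the genuine site, taken from the comparison table above.
EXPECTED_CERT_ORG = "Credit Suisse Group AG"
EXPECTED_COPYRIGHT_END = 2017


def check_banking_page(cert_subject_org, url, html):
    """Return the names of the indicators that point to the fake site.

    cert_subject_org: organisation shown in the TLS certificate (the real site
                      names the company, the fake one only showed "Secure")
    url:              the address in the browser bar
    html:             the page body, used to read the copyright years
    """
    findings = []

    # 1. Certificate: a generic label such as "Secure" instead of the company name.
    if cert_subject_org.strip().lower() != EXPECTED_CERT_ORG.lower():
        findings.append("certificate")

    # 2. Authentication token: the real login URL looks like "Auth?~...", the fake
    #    one carries an ordinary query string such as "Auth?Language=...".
    parsed = urlparse(url)
    query_params = parse_qs(parsed.query)
    if parsed.path.endswith("Auth") and not parsed.query.startswith("~"):
        findings.append("auth_token")
    elif "Language" in query_params:
        findings.append("auth_token")

    # 3. Copyright: the fake page's year range ends several years before the real one.
    match = re.search(r"(\d{4})\s*-\s*(\d{4})", html)
    if match is None or int(match.group(2)) < EXPECTED_COPYRIGHT_END:
        findings.append("copyright")

    return findings


# Constructed sample inputs; the domain and page content are invented for this example.
REAL_SAMPLE = ("Credit Suisse Group AG",
               "https://online-banking.example.invalid/Auth?~session",
               "<footer>&copy; 1997-2017 Credit Suisse</footer>")
FAKE_SAMPLE = ("Secure",
               "https://online-banking.example.invalid/Auth?Language=de",
               "<footer>&copy; 1997-2013 Credit Suisse</footer>")

if __name__ == "__main__":
    for label, sample in (("real", REAL_SAMPLE), ("fake", FAKE_SAMPLE)):
        print(label, check_banking_page(*sample) or "no indicators")
```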
The OSX/Dok Trojan first locates the victim by IP address. Depending on the geographic location, a proxy is then selected which redirects to the C&C (command and control) server in the correct language via the Tor network and the dark net. To put it another way: when a bank page is called up, the user does not reach the page on the bank's servers but is directed to the fake page on the attacker's servers. If you want to see which bank URLs are affected, I recommend this overview from Check Point:
You can find even more information, notes and background on the current threat for everyone who uses an Apple Mac for online banking in the linked Check Point articles. There you will also find further graphics and details on the source code of the OSX/Dok Trojan. Finally, I would like to suggest a few more articles from this blog:
After graduating from high school, Johannes completed an apprenticeship as a business assistant specializing in foreign languages. But then he decided to research and write, which led to him becoming self-employed. For several years he has been working for Sir Apfelot, among others. His articles include product introductions, news, manuals, video games, consoles, and more. He follows Apple keynotes live via stream.
2 comments
Maybe you won't get this Trojan until you go to Check Point. All very dubious.
Separate multiple backups and a slider for the camera, on the other hand, are good tips and have been done by me for a long time.
And I don't even react to emails from banks. I also don't understand how PayPal, for example, still sends the notice of a new account overview by email.
Yes, that is the right attitude. Nothing really important comes from a bank via email. And certainly not a notice that the access data must be verified. Unfortunately, with PayPal you have the problem that information is sometimes sent by email. I wish they had 2-factor authentication. That would make the whole thing much less risky. Kind regards! Jens