Trend Micro, a multinational software security company based in the U.S., has once again discovered new macOS Sierra malware. According to the company’s blog, the new malware is a variant of a trojan used during Operation Emmental, the campaign that disrupted major banking systems.

OSX_DOK.C is another version of the WERDLOD trojan from Operation Emmental and reaches its targets via phishing email. The perpetrators attach the malware to emails under various filenames, packaged in ZIP or DOCX format.

How does the malware work?

Once a target has downloaded the malware and tried to open it, a popup message appears saying the file cannot be opened. The malware then removes the App Store from the system and displays a fake system update screen.

After all of this, the malware asks for the root password so that it can install additional apps and certificates obtained from stolen Apple accounts. Finally, it modifies system settings, in particular the proxy settings, so that it can route the machine’s Internet traffic to an address of its choosing.

Figure: OSX_DOK infection route

How to protect yourself?

The first line of defence is to stay away from phishing websites. Safari and Google Chrome are capable of detecting whether a website is a phishing site. If your browser alerts you to this, leave that website right away.

The second layer of protection is constant vigilance. Since the malware is spread through email, do not open documents or files from unsolicited emails, even if they appear to come from one of your contacts.

Thirdly, only download applications from reliable sources. Applications from the App Store are usually safe, as Apple itself checks them for malicious code. If you must install an app from outside the App Store, make sure it comes from a trusted source.

Finally, it is imperative that macOS Sierra users keep all their applications updated. Some variants of the new malware are not limited to the operating system itself: attackers also exploit vulnerabilities in third-party apps, even ones that came from the App Store. By keeping your apps updated, you pick up the fixes developers issue for previously undiscovered flaws, making your applications less exposed to attack.

Figure: example of a fake certificate used by the malware

Should you be worried at all?

Over the years, Apple has gained a lot of users through its reimagining of the Mac. Since 2006, the company has seen a steady increase in users. Unfortunately, this growth has also attracted new malware to the OS.

This new macOS Sierra malware is just one of many released of late; there has been a massive increase in macOS Sierra malware in the past few months. Even so, Apple’s macOS Sierra remains one of the most secure desktop operating systems on the market, and most users can get by without third-party anti-malware software.

However, attackers are finding ever more creative ways of circumventing Apple’s security measures in order to infect systems everywhere. That is why it is imperative that users remain extra watchful of what they get from the Internet.

As long as macOS Sierra users practice safe habits by not opening malicious files and emails, they are quite safe. Always keep in mind that while Apple is doing its best to keep your computer safe, a system is only as safe as its weakest link, which, most of the time, is the user.

