Dok is malware that specifically targets Mac users through a coordinated email phishing campaign. It can infect systems through suspicious downloads, emails, or websites and has the ability to steal personal information, disrupt operations, or even hold data hostage for ransom. Dok appears to be a Mac port of the Windows banking trojan 'Retefe,' which makes it a particularly dangerous threat.
To persist as a Login Item, Dok uses AppleScript to create the Login Item and invoke the AddLoginScript method. It also displays a fake full-screen update window that contains a single 'Update All' button, which it uses to elevate its privileges and persist its payload. Researchers at CheckPoint discovered this malware back in 2017, making it one of the first pieces of major-scale malware to target Mac users via a coordinated email phishing campaign.
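One way to hunt for the AppleScript login-item persistence described above, as an added example that is not from the original page or from CheckPoint's research: it scans process-execution telemetry for `osascript` commands that create a login item through System Events. The JSON field names, the trusted-directory list and the sample events (including the `Example.app` path) are constructed assumptions.

```python
import json
import re

# Constructed process-execution events (JSON lines); field names are assumptions.
SAMPLE_EVENTS = r'''
{"ts":"T1","user":"alice","exe":"/usr/bin/osascript","args":"-e 'tell application \"System Events\" to make login item at end with properties {path:\"/Users/Shared/Example.app\", hidden:true}'"}
{"ts":"T2","user":"alice","exe":"/usr/bin/osascript","args":"-e 'display notification \"Backup finished\"'"}
{"ts":"T3","user":"bob","exe":"/usr/bin/osascript","args":"-e 'tell application \"System Events\" to make new login item at end with properties {path:\"/Applications/Notes.app\", hidden:false}'"}
{"ts":"T4","user":"bob","exe":"/bin/ls","args":"-la /Users/Shared"}
'''

LOGIN_ITEM_RE = re.compile(r'make\s+(?:new\s+)?login item\b', re.I)
PATH_RE = re.compile(r'path\s*:\s*"([^"]+)"')
HIDDEN_RE = re.compile(r'hidden\s*:\s*true', re.I)
TRUSTED_PREFIXES = ("/Applications/", "/System/")  # assumption: tune per fleet


def find_login_item_creation(lines):
    """Return one finding per osascript command that creates a login item."""
    findings = []
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed telemetry instead of aborting the scan
        args = ev.get("args", "")
        if not ev.get("exe", "").endswith("/osascript"):
            continue
        if not LOGIN_ITEM_RE.search(args):
            continue
        m = PATH_RE.search(args)
        path = m.group(1) if m else None
        reasons = []
        if path is None or not path.startswith(TRUSTED_PREFIXES):
            reasons.append("target outside trusted app directories")
        if HIDDEN_RE.search(args):
            reasons.append("login item created hidden")
        findings.append({"ts": ev.get("ts"), "user": ev.get("user"), "path": path,
                         "severity": "high" if reasons else "info",
                         "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_login_item_creation(SAMPLE_EVENTS):
        print(f)
```

Legitimate installers also register login items this way, so the `info` findings are kept for baselining rather than dropped.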
In summary, Dok is a dangerous malware that targets Mac users through email phishing campaigns. It can infect systems without user knowledge and has the potential to cause significant harm by stealing personal information or disrupting operations. To avoid falling victim to this malware, users should exercise caution when opening suspicious emails or downloading files from unknown sources.