Dok

Malware updated a month ago (2024-11-29T14:23:32.982Z)
Download STIX
Preview STIX
Dok is a notable piece of malware first discovered by security researchers at CheckPoint, who found that it primarily targets OSX users through an extensive email phishing campaign. This marked the first instance of large-scale malware aimed specifically at OSX users via this method. The malware is essentially a Mac version of the Windows banking trojan 'Retefe'. It infiltrates systems when unsuspecting users launch it, often unknowingly, from their emails. Once Dok has been launched, it executes logic to persist as a Login Item. This persistence allows the malware to automatically run each time the user logs into their system, increasing its potential for damage and making it harder to detect and remove. To achieve this, Dok invokes the AddLoginScript method, utilizing AppleScript to create the Login Item. This sophisticated approach ensures the malware's continuous presence in the infected system. In a further step to ensure its survival and effectiveness, Dok attempts to elevate its privileges within the system. It does this by displaying a fake full-screen update window that contains a single 'Update All' button. When users click on this button, thinking they are performing a routine system update, they are unknowingly granting the malware elevated access. This allows Dok to persist its payload, further compromising the user's system and potentially leading to data theft, disruption of operations, or ransom demands.
Description last updated: 2024-10-15T09:29:31.655Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Dok Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more