Dok

Malware Profile Updated 3 months ago
Dok is malware that specifically targets Mac users through a coordinated email phishing campaign. It can infect systems through suspicious downloads, emails, or websites, and has the ability to steal personal information, disrupt operations, or even hold data hostage for ransom. Dok appears to be a Mac port of the Windows banking trojan 'Retefe,' which makes it a particularly dangerous threat.

To persist as a Login Item, Dok uses AppleScript to create the Login Item and invoke the AddLoginScript method. It also displays a fake full-screen update window containing a single 'Update All' button, which it uses to elevate its privileges and persist its payload.

Researchers at Check Point discovered this malware in 2017, making it one of the first major-scale malware threats to target Mac users via a coordinated email phishing campaign.

In summary, Dok is a dangerous malware that targets Mac users through email phishing campaigns. It can infect systems without the user's knowledge and has the potential to cause significant harm by stealing personal information or disrupting operations. To avoid falling victim to this malware, users should exercise caution when opening suspicious emails or downloading files from unknown sources.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Windows
Malware
Trojan
Payload
Phishing
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Dok Malware was read from the documents corpus below.
Source | Created At | Title
CERT-EU | a year ago | All the Mac malware we know about
MITRE | a year ago | Mac Malware of 2017
MITRE | a year ago | OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic (updated) - Check Point Software
CERT-EU | a year ago | Russia wants to decriminalize "patriotic" hacking