If you are from any European country then you should be more careful as the Check Point Technologies explains that the new malware is targeting European users as of now via attachment-based phishing attacks. Don’t’ worry, you are safe until you downloads an attachment (called Dokument.ZIP) from the email, where it copies itself to the Mac and then displays a false message saying the file couldn’t be opened because it was damaged.
Later it will send another pop-up message showing you there is a new update to your Mac’s software and tell you to click “Update All” right within the message, and then it will ask you to enter your password to continue. That’s how OSX/Dok malware infects your MacOS.
How you can protect yourself against ‘Dok’
The solution for protecting your MacOS from ‘Dok’ malware is pretty easy actually since it’s a phishing attack you can simply avoid any infection just by not opening and downloading any attachments from unknown sources, basically, the attachment file come with the name called Dokument.ZIP so, if this is the name of attachment just don’t’ open it first, go and check the email if it’s an official email or not if it’s an email something like firstname.lastname@example.org you should probably delete that email right away.
What if your MacOS is already infected with ‘Dok’ malware?
If you have already received such email and have opened the attachment on your Mac, chances are your MacOS could already be infected with ‘Dok’. If this is the case there are few steps provided by imore listed below which you can use to clear or remove such malware from Mac.
First, navigate to your Proxy configuration settings and delete the rogue server.
1- Click the Apple Menu icon in the upper left corner of the screen.
2- Click System Preferences from the drop down menu.
3- Click Network.
4- Select your current internet connection (Wi-FI or Ethernet).
5- Click Advanced at the bottom right of the window.
6- Select the Proxies tab.
7- Select Automatic Proxy Configuration.
8- Delete the URL listed as http://127.0.0.1.5555…
Dok also installed two LaunchAgents, which you’ll also have to find and delete.
Lastly, you’ll need to delete the fake signed Apple Developer certificate.
1- Launch Finder.
2- Select Applications.
3- Open your Utilities folder.
4- Double-click on Keychain Access.
5- Select the certificate named COMODO RSA Secure Server CA 2.
6- Right or Control + click on the Certificate.
7- Select Delete Certificate fro the drop down options.
8- Select Delete to confirm that you want to delete the certificate.
Don’t open attachments from unknown sources. Don’t click on suspicious-looking pop-up messages. Check email addresses of senders to see if they are real. You can protect yourself from attacks if you stay aware. If you think that the steps above are too complicated then you can also take help from Apple support or let us know in the comments below.
Rizwan is an avid mobile geek and a gaming lover. He loves to keep a tab on new tech and loves to share latest tech news and reviews on Smartphones, Gadgets, Apps and more here on cyberockk.