Science

Mac Malware Gives Hackers a Shortcut to Your Gmail

Be wary of weird email, people.

by Neel V. Patel
Flickr / dustball

Heads up, Mac users: there’s a new malware targeting Apple devices that can steal unauthorized access to communications sent over Gmail and banking websites. Security firm Check Point made the discovery last week, highlighting that malicious hackers were getting in through harmful email. Check Point wrote that this was the “first major scale malware to target OSX users via a coordinated email phishing campaign.”

For the longest time, a big incentive to get a Mac was that malware was virtually nonexistent. “Let the Windows plebeians deal with their problems,” Apple acolytes would cry. Creating malware for devices running macOS was simply too cumbersome, and there were always more layers of protection given how much more frequently Apple released software updates to resolve new vulnerabilities. But there’s been a boom in Mac malware in recent years, and this latest Gmail issue is just another instance of hackers getting more interested in expanding their efforts to include operating systems on the side as well.

Mac Malware laced inside email isn’t very common, but Check Point notes that when it works, it typically gives attackers uninhibited access to all communication sent and received by the victim — including webpages which are supposed to be protected by HTTPS encryption.

Google works to protect communications from between a browser and Gmail servers using HTTPS. But this security can be cut if malware gets installed on a user’s device. The new Mac malware, called OSX/Dok, does exactly that — destroying encryption by installing a new root certificate on the user’s computer. When that occurs, the hacker can simply situate themselves between the user and server, and get access to whatever is sent back and forth.

OSX/Dok basically locks users into a series of dialogue boxes that imitate sound macOS dialogue boxes that ask the user if they trust new software to be installed. Once the malware is installed, it changes the Mac network settings to allow for outgoing connections, and follows up by installing a new root certificate which gives the hacker access to messages stored on the computer.

After that, OSX/Dok creates a pair of routes that reorients all online connections through the hacker’s own server. When that happens, the hacker basically sees what the user sees — and can even control what the user sees. An unsuspecting victim might believe they’re using a secure banking site to access their account, and have no idea their information is openly being watched by another.

Basically, users should continue to apply a scrutinizing eye to any weird emails that come through. Mac malware is still uncommon, but when it arrives, there’s little to prevent attackers from gaining access to a whole slew of personal data.

Related Tags