New MacOS Malware Detected Spreading via Phishing E-mails

A new piece of Mac OS malware was recently observed in Europe being distributed through phishing e-mails. Security company Check Point Software Technologies has named it OSX/Dok; its payload is delivered in a file attached to the e-mail.

A sample e-mail analyzed by Check Point's team was crafted to look like a notification from a Swiss government department warning the recipient of mistakes in his tax return. The e-mail carries a zip archive named Dokument.zip in which the malware's payload is stored.

As with many attachment-based phishing attacks, an unusual step is required to infect the user's computer. Fortunately, a Dok infection does not occur simply by viewing the e-mail, and for those who do get infected, iMore gives directions for cleaning their machines. The malware appears to use a fake certificate that bypasses Apple's Gatekeeper check, so it can slip onto the system without difficulty if the user is not careful. And while avoiding the malware may be easy, it is potentially extremely destructive if it gains entry to a system whose user overlooks the warning signs. Engadget.com reported this on April 26, 2017.

Midway through its installation, the malware that researchers dubbed OSX/Dok ensures the installation completes by adding a new login item called AppStore to the infected user's Mac. This login item also ensures that the installation process continues even after the system is restarted.
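As an added defender's illustration (not part of the SPAMfighter report or of Check Point's analysis), the Python below flags login items whose name mimics an Apple app but which run from outside Apple's application directories, the pattern the AppStore login item described above follows. The name list, trusted path prefixes and the sample osascript output are constructed assumptions for this example.

```python
from dataclasses import dataclass

# Login-item names that belong to Apple's own apps; a third-party binary
# registering under one of them is the pattern OSX/Dok used ("AppStore").
# The list and the path prefixes are assumptions for this example.
APPLE_LIKE_NAMES = {"AppStore", "App Store", "iTunes", "Safari", "Mail", "Finder"}
TRUSTED_PREFIXES = ("/System/", "/Applications/", "/Library/Apple/")
WORLD_WRITABLE_PREFIXES = ("/Users/Shared/", "/tmp/", "/private/tmp/", "/var/tmp/")


@dataclass(frozen=True)
class LoginItem:
    name: str
    path: str


def parse_login_items(names_line: str, paths_line: str) -> list[LoginItem]:
    """Pair up the two comma-separated lists printed by
    osascript -e 'tell application "System Events" to get the name of every login item'
    and the matching '... get the path of every login item' call."""
    names = [n.strip() for n in names_line.split(",") if n.strip()]
    paths = [p.strip() for p in paths_line.split(",") if p.strip()]
    if len(names) != len(paths):
        raise ValueError("name and path lists do not line up")
    return [LoginItem(n, p) for n, p in zip(names, paths)]


def suspicious_login_items(items: list[LoginItem]) -> list[tuple[LoginItem, str]]:
    """Return (item, reason) pairs for login items that deserve a closer look."""
    findings = []
    for item in items:
        if item.name in APPLE_LIKE_NAMES and not item.path.startswith(TRUSTED_PREFIXES):
            findings.append((item, "Apple-looking name outside Apple application paths"))
        elif item.path.startswith(WORLD_WRITABLE_PREFIXES):
            findings.append((item, "persists from a world-writable location"))
    return findings


# Constructed sample output, modelled on what the two osascript calls print.
SAMPLE_NAMES = "Dropbox, AppStore, Backup Helper"
SAMPLE_PATHS = "/Applications/Dropbox.app, /Users/Shared/AppStore.app, /private/tmp/helper.app"

if __name__ == "__main__":
    for item, reason in suspicious_login_items(parse_login_items(SAMPLE_NAMES, SAMPLE_PATHS)):
        print(f"{item.name} ({item.path}): {reason}")
```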

Next, nag screens are displayed during installation urging the user to install an emergency security update. In reality this is done to obtain the user's administrative password, which OSX/Dok then uses to run various commands invisibly.

Meanwhile, Mac antivirus products have yet to be updated to detect OSX/Dok. Apple is therefore urged to revoke the malware author's certificate immediately.

The latest discovery of this malware, which apparently targets mostly European users, underscores that Macs are not as safe from such threats as is sometimes assumed. As always, users should not follow links or download attachments in e-mails from untrusted or unfamiliar sources.

» SPAMfighter News – 03-05-2017

Taking steps to avoid phishing scams

APWG says that it recorded or registered over 1.2 million individual phishing attacks over the course of 2016.

You may think it’s easy to spot an email phishing scam, but if, as a report in Fortune outlines, even two companies positioned at the absolute cutting edge of high-tech progress can fall prey to this type of fraud — albeit executed on an elaborate scale — maybe it’s time to think again.
On Friday, Fortune revealed that the two high-profile companies conned into making payments of over US$100 million were none other than Facebook and Google.

A formal charge of wire fraud and deception was made on March 27 and moneys have now been recovered. But it has taken a month to learn the extent of the crimes, the approach and the high-profile nature of the victims.

Global anti-cybercrime organization the Anti-Phishing Working Group (APWG) defines phishing as a “criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials.”

And that mechanism is increasingly an almost perfect recreation of an email purporting to be from an individual, company or institution you’re already familiar with.

It’s a tactic that immediately puts even cautious web users slightly off-guard.

Imagine you’re waiting for information about a parcel delivery and an email lands in your inbox claiming to be from a courier service that appears to have the correct address and logo, so you click on it before thinking.

No wonder it’s a tactic that’s growing in terms of popularity and sophistication with each year that passes.

The APWG says that it recorded or registered over 1.2 million individual phishing attacks over the course of 2016, up 65% on 2015 and, crucially, up 5,753% on 2004 when the organization first started tracking the phenomena.

So, how can you protect yourself from being phished?

You weren’t expecting the unexpected.

If a message appears to be from a company or financial institution you already use, why are they getting in touch? If they’re not responding to an email you sent, be on guard.

Does it spell danger?

Click on the email and check for spelling and grammatical mistakes in the address line as well as the email’s body. If it’s legitimate it should be grammatically flawless.

Call to action

No genuine email would request you to provide personal details or to visit its site via an embedded link within an email message. And if there’s an attachment, just delete the email, altogether. If it is genuine and important, the company will follow up.

If it’s from your bank warning of suspicious activity on your account, for example, contact the bank directly and make sure.

Change the filter

Make sure your computer is running the best anti-virus and anti-spam software you can afford. It should help mitigate the risks of accidentally downloading a malicious attachment.


Facebook And Google Remained Mum At Being Scammed Out Of The $100M Scam

The evolution of phishing techniques used by cyber criminals has reached a new milestone with the recent scam involving the tech giants Facebook and Google. The scam, made public by an indictment issued by the US Department of Justice, consistently defrauded the tech companies of $100 million over a span of two years.

In this case of a fraudulent business email compromise scheme run by a Lithuanian scammer, the indictment pressed charges:

“for orchestrating a fraudulent business email compromise scheme that induced two U.S.-based internet companies (the “Victim Companies”) to wire a total of over $100 million to bank accounts controlled by RIMASAUSKAS.”

Interestingly, the scheme relied on an elaborate plan that worked through proper banking channels. Over a period spanning more than two years, the tech giants were tricked into wiring a total of $100 million to two bank accounts located in Latvia and Cyprus. After each transfer, the stolen money was swiftly routed through a variety of bank accounts scattered across the world, including banks in Latvia, Cyprus, Slovakia, Lithuania, Hungary and Hong Kong.

The scammer, Evaldas Rimasauskas, was arrested by local authorities in Lithuania in March this year and was later charged with orchestrating the scheme. Interestingly, both of the companies targeted by the fraud remained anonymous throughout the case; it was an investigation by Fortune that revealed the identities of the victim companies.

What emerges from the proceedings of the case is not one but two major concerns. The immediate concern is, obviously, protection against scams involving email phishing and fake suppliers, which can successfully target even the largest tech corporations; the second concern is more subtle. The crime has raised legitimate questions about why the companies have so far kept quiet about the matter. The Fortune report quoted the observation of Mary Jo White, a former head of the Securities and Exchange Commission:

“It triggers an obligation to tell investors about what happened.”

White further said:

“I understand the dynamic. You don’t want to provide a road map to future hackers into your system. But that doesn’t excuse not disclosing an event if it’s material.”