First the good news: in order for Dok to infect a Mac the user needs to open a .zip archive attached to an email. Most people’s suspicions will be raised as soon as they see the Dokument.zip archive attached to an email they don’t recognize. Those that don’t are in for some pain.
According to Check Point, Dok is not currently detected on VirusTotal, meaning it won’t get picked up by any security software run on your system (this will likely change quickly). Dok also uses a developer ceritificate that is signed and therefore authenticated by Apple, meaning your Mac will allow it to install and Gatekeeper is on no help.
Once successfully installed on your system, Dok enjoys complete access to all communications, even those sent over encyrpted SSL. Such access is acheieved by quietly redirecting the user’s traffic through a malicious proxy server. All traffic can be monitored and the attacker can cherry pick through the details. Once done, the malware deletes itself from the system.
If you do somehow get infected or are asked to help get rid of the malware on a friend’s Mac, iMore posted detailed instructions on how to remove Dok. If you’re unsure whether it is Dok, scroll through Check Point’s detailed Dok article and you’ll soon recognize if the malware is the same from the screenshots.
The same advice applies as always: if you have any suspicion at all about an email in your inbox, do not under any circumstances attempt to open the included attachment. 99 percent of the time it’s going to be malicious and you’ll regret taking the risk. Running a good security suite is also advised.
[“Source-pcmag”]