OSX.Dok

Short bio

OSX.Dok is Malwarebytes' detection name for a Trojan dropper targeting macOS systems.

Symptoms

Users may be confronted with this type of prompt where the OK button is unresponsive.

OSX Dok prompt

Type and source of infection

OSX.Dok is downloaded in the form of a zipped app named Dokument.app, masquerading as a document.

dropper for OSX.Dok

Aftermath

OSX.Dok introduces changes that are not easily reversed, including vulnerabilities and potential behavior changes, so additional measures will be needed. For people who don’t know their way around the Terminal and the arcane corners of the system, it would be wise to seek the assistance of an expert, or to erase the hard drive and restore the system from a backup made prior to infection.

Protection

Malwarebytes for Mac detects and removes OSX.Dok.

Remediation

Malwarebytes Anti-Malware for Mac will detect and remove the important components of OSX.Dok, disabling the active infection. However, when it comes to the other changes that are not easily reversed, which introduce vulnerabilities and potential behavior changes, additional measures will be needed.

Traces/IOCs

Dokument.zip => Dokument.app

/Users/Shared/AppStore.app
