Check Point’s malware research team has detected a new strain of malware. OSX/Dok (or OSX.Dok) affects all versions of OSX and is signed with a valid developer certificate authenticated by Apple (which has been revoked since the malware’s discovery). It is the first major-scale malware to target OSX users via a coordinated email phishing campaign.
Although the primary targets so far have been European, it doesn’t usually take long for threat actors to adapt malware for other regions and targets. Given that tax time is approaching in Australia, and that the bad guys have been using phishing messages “warning” of anomalies in tax returns, there’s a chance we’ll see it rear its head in Australia.
Check Point says:
The malware bundle is contained in a .zip archive named Dokument.zip. It was signed on April 21st 2017 by a “Seven Muller” and the bundle name is Truesteer.AppStore.
As well as changing network settings, OSX/Dok installs a new root certificate and launches agents at system startup.
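As an added illustration (not code from Check Point or from the original post), the script below checks two of the behaviours just listed on a Mac: launchd jobs set to run at load from outside vendor paths, and an enabled proxy auto-config (PAC) URL in the network settings as reported by `networksetup -getautoproxyurl`. The trusted-path allow-list, the sample plists and the sample networksetup output are constructed for this example and are not indicators from the report.

```python
import os
import plistlib
import tempfile

# Programs under these prefixes are treated as vendor-provided; anything else is reported.
# This allow-list is an assumption for the example, not an Apple or Check Point list.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/Library/Apple/")

def suspicious_launch_items(plist_dir):
    """Return RunAtLoad launchd jobs in plist_dir whose program is outside TRUSTED_PREFIXES."""
    findings = []
    if not os.path.isdir(plist_dir):
        return findings
    for name in sorted(os.listdir(plist_dir)):
        if not name.endswith(".plist"):
            continue
        path = os.path.join(plist_dir, name)
        try:
            with open(path, "rb") as fh:
                job = plistlib.load(fh)
        except Exception:  # unparseable plist: report it rather than skip it silently
            findings.append({"file": path, "label": "?", "program": "<unparseable>"})
            continue
        program = str(job.get("Program") or (job.get("ProgramArguments") or [""])[0])
        if job.get("RunAtLoad") and not program.startswith(TRUSTED_PREFIXES):
            findings.append({"file": path, "label": str(job.get("Label", "")), "program": program})
    return findings

def pac_is_set(output):
    """Parse `networksetup -getautoproxyurl <service>` output ('URL: ...' / 'Enabled: ...' lines)."""
    fields = {}
    for line in output.splitlines():
        key, _, value = line.partition(":")
        fields[key.strip().lower()] = value.strip()
    # An enabled PAC URL means traffic is being redirected through a proxy of someone's choosing.
    return fields.get("enabled", "").lower() == "yes" and fields.get("url", "") not in ("", "(null)")

def make_sample_dir():
    """Constructed sample LaunchAgents directory: one vendor job and one job in a hidden user path."""
    d = tempfile.mkdtemp()
    hidden = {"Label": "com.sample.hidden", "RunAtLoad": True,
              "ProgramArguments": ["/Users/sample/.hidden/agent", "-r"]}
    vendor = {"Label": "com.apple.sample", "RunAtLoad": True, "Program": "/System/Library/CoreServices/sample"}
    for name, job in (("com.sample.hidden.plist", hidden), ("com.apple.sample.plist", vendor)):
        with open(os.path.join(d, name), "wb") as fh:
            plistlib.dump(job, fh)
    return d

if __name__ == "__main__":
    for d in (make_sample_dir(), os.path.expanduser("~/Library/LaunchAgents"), "/Library/LaunchAgents"):
        for f in suspicious_launch_items(d):
            print("launchd job outside trusted paths:", f)
```

On a real Mac, feed `pac_is_set` the output of `networksetup -getautoproxyurl Wi-Fi` (and the same for other services), and add `/Library/LaunchDaemons` to the scanned directories.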
There’s more detailed information on Check Point’s site.