Researchers at Trend Micro have discovered a malicious program that targets Mac users. The malware, called OSX_DOK, is a modified version of Werdlod, a banking Trojan for Windows.
OSX_DOK spreads through phishing emails that carry malicious attachments with the .zip and .docx extensions. The .zip file is a fake app for macOS, while the second file contains the Werdlod Trojan and is used to attack Windows computers. Both programs work as banking Trojans and have similar functionality.
Once on the Mac, the malware prompts for the administrator password and removes the standard App Store. It then displays a fake macOS update window. After receiving the credentials, the malware starts downloading other applications and generates fake certificates for a man-in-the-middle attack.
As noted by Securitylab, the OSX_DOK campaign is part of Operation Emmental, which first became known in 2012. In Operation Emmental, the attackers tried to gain complete control over the bank accounts of users in Switzerland, Sweden, Austria and Japan using a variety of tools and techniques, such as phishing attacks, malware and rogue DNS servers.
The Trojan closes the browser on its own in order to install the certificate. Whenever a Mac user tries to connect to a bank website whose domain is on the list embedded in the Trojan's code, a phishing page is displayed to steal credentials.
To reduce the risk of infection, Mac users should treat all emails with care and should not download or open attachments in emails sent from unknown addresses. If an email comes from a known address but arouses suspicion, it is recommended to contact the sender and confirm that they actually sent it.