The malware is called OSX/Dok and uses phishing emails carrying a malicious application as its attack vector. Upon successful installation, the malware modifies the OS settings with a shell command that disables security updates. Next, OSX/Dok gets to work via a man-in-the-middle (MitM) attack designed to intercept the victim’s traffic. Only after it has completed its MitM attack does the malware strap in for its main event. When the victim visits a web page for one of the targeted banks, they see a malicious copy of the actual bank’s website prompting them to download an application onto their mobile devices “for security reasons”.

If the user submits a working phone number, the attackers send them a link to download the mobile application. At this time, those behind this malware campaign are sending victims a link to Signal, the encrypted messaging app.

Therefore, with the influx of macOS-based malware, it is important that Mac users take steps to protect their computers, beginning with the installation of an anti-virus solution.