17 July 2017

Apple Malware secretly installs "Signal" as part of scheme to steal users' banking credentials

New Mac malware is mysteriously pushing the Signal private-messaging app onto victims' mobile devices as part of a scheme to steal their banking credentials.

The threat, which goes by the name OSX/Dok, uses phishing email carrying a malicious application as its attack vector. Those who crafted this campaign purchase Apple certificates (US $99) to sign their malicious application. Signing the application this way helps the malware get past Gatekeeper's checks.

Upon successful installation, OSX/Dok modifies the OS settings with a shell command that disables security updates. It also alters the local hosts file so that all communication with various Apple websites, as well as VirusTotal, gets redirected to the local machine. These changes prevent the machine from contacting outside services that the victim could use for detection and recovery.
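A defender can check for the hosts-file tampering described above by scanning the file for Apple or VirusTotal names mapped to a local address. The following is an added example, not code from the original article or from the malware analysis; the watched suffixes and the sample hosts content are assumptions constructed for illustration. On macOS the text to scan is the contents of /etc/hosts.

```python
import ipaddress

# Assumption: suffixes picked from the article's description (Apple sites, VirusTotal).
WATCHED_SUFFIXES = ("apple.com", "virustotal.com")

def parse_hosts(text):
    """Yield (line_number, address, hostname) for each mapping in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or malformed
        for name in fields[1:]:                 # one address may carry several names
            yield lineno, fields[0], name.lower().rstrip(".")

def points_to_local_machine(addr):
    """True for loopback (127.0.0.0/8, ::1) and unspecified (0.0.0.0, ::) addresses."""
    try:
        ip = ipaddress.ip_address(addr.split("%", 1)[0])  # strip IPv6 zone id
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def is_watched(name):
    """Match the suffix itself or a subdomain, but not look-alikes such as notapple.com."""
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)

def find_redirects(text):
    """Return hosts entries that send a watched domain to the local machine."""
    return [(n, a, h) for n, a, h in parse_hosts(text)
            if points_to_local_machine(a) and is_watched(h)]

# Constructed sample, not taken from an infected machine.
SAMPLE = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
fe80::1%lo0     localhost
127.0.0.1       www.apple.com        # constructed entry
::1 WWW.VirusTotal.com virustotal.com
0.0.0.0         notapple.com
203.0.113.10    support.apple.com
"""

if __name__ == "__main__":
    for n, a, h in find_redirects(SAMPLE):
        print(f"hosts line {n}: {h} -> {a}")
```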

Read more here: www.grahamcluley.com
