A new banking malware program has been discovered stealing personal information and banking credentials on Mac computers.

Security firm Check Point identified the malware as its creators spread it through mass emailing campaigns. According to the company, it’s the first “major scale” malware attack on OSX users via email.

Apple famously designed its computers to be resilient to viruses and malware, but exploits still occur. OSX-attacking viruses are usually distributed differently to their Windows counterparts – via websites rather than email.

This new strain, named OSX/Dok, gives the attacker access to all communications from the victim. The malware is designed to impersonate legitimate macOS system messages to trick the user into entering a password.

Once inside a system, OSX/Dok changes the Mac’s network settings to allow outgoing connections of the attacker’s choosing. Once this has been completed, it launches two routines that redirect all online communication through the criminal’s server. The crooks can then change what the victim sees online and swipe details on banking sites as they’re entered. Once its task is done, the malware is able to delete itself fully from the Mac’s files.

The malware appears to be mostly targeting European users. An example found by Check Point was aimed at a German target and implied there were inconsistencies with the victim’s tax returns.

PC gone mad

Millions of email users have been attacked by a new cybercrime campaign aiming to exploit a vulnerability in Microsoft Office. The backdoor was discovered by McAfee in April and, according to new research from security firm FireEye, criminals are already trying to take advantage.

Following the release of the source code of an unnamed Android banking Trojan earlier this year, hackers have also been developing tools to bypass Google Play Store’s security measures.

Banks are being targeted directly by the TrickBot trojan, which is using redirect attacks to attempt to siphon cash from FIs. So far, according to IBM research, it has done little to no damage.

by Alex Hamilton
Alex is Senior Reporter at IBS Intelligence, follow him on Twitter or contact him at: alexanderh@ibsintelligence.com