Customers of Swiss banks are at risk from a newly detected malware strain that targets machines running macOS. The malware gains access to the bank accounts of Swiss banking customers through phishing emails.
Discovered by the security firm Trend Micro, the malware, dubbed OSX_DOK, uses a phishing campaign to attack customers of Swiss banks.
The infection begins when the malware's creators send the targeted victims a phishing email carrying infected files. Once the user clicks on the file, a warning window appears telling them that the file cannot be opened. The malware then removes the App Store from the system and asks for an administrator password, which ultimately lets it run its own commands as root. Once the user enters the password, the malware is able to embed itself completely into the victim's computer.
According to recent reports, the malware targets banks based in Switzerland. Security experts believe that its creators use the malware to steal the credentials of Swiss banking customers so that they can intercept and control banking activity on various Swiss banking sites. The malware does this by redirecting the victim to a site posing as the bank's standard login page.
According to Trend Micro, the timestamp of the dummy account used by the malware's creators to steal the credentials of Swiss banking customers is relatively new, so it is possible that it was obtained only recently and was intended specifically for the planned malware attack.
The fake certificate reportedly imitates Comodo root certificates. However, the absence of a Comodo Certificate Authority seal showed that it was not legitimate. Trend Micro also reported that the malware had previously been used against the Chrome and Firefox browsers but failed to work there, because both browsers use their own root certificate stores, unlike Safari, which relies on the macOS root certificate system.