MacOS Malware Targets Swiss Bank Customers Via Phishing Emails

[Lucian Armasu]

Trend Micro discovered a malware for macOS that targets Swiss bank customers. The malware, called OSX_DOK, is similar to a Windows malware called WERDLOD. Both infect bank customers in Switzerland and other European countries via phishing attacks.

MacOS Malware Targets Swiss Bank Customers Via Phishing Emails : Read more

 

[hellwig]

Fake, self-signed, unknown or untrusted certs should always raise a warning making it very clear you should be safe and not open/interact with the faulty cert unless you are absolutely certain you trust it.

Yes, many people will continue anyway, but it doesn't sound like this warning was even raised with Safari.

I mean, if you can just fake the cert, what good is the cert system to begin with?

 

[firefoxx04]

Fake, self-signed, unknown or untrusted certs should always raise a warning making it very clear you should be safe and not open/interact with the faulty cert unless you are absolutely certain you trust it.

Yes, many people will continue anyway, but it doesn't sound like this warning was even raised with Safari.

I mean, if you can just fake the cert, what good is the cert system to begin with?

The cert is trusted because the malware installs its own Certificate authority onto the system. This will always work.

 

[Jayson_15]

"Trend Micro security researchers recommended users to refrain from downloading file attachments unless they trust the people that sent them." That isn't great advice. Most phising emails are spoofed to appear that they came from a contact or other trusted source.