“Apple has moved to thwart a malware attack that used a legitimate – probably hijacked – developer certificate, by revoking the cert,” Richard Chirgwin reports for The Register.

“Check Point wrote up the malware last week, calling ‘OSX/Dok’ ‘the first major scale malware to target OSX users via a coordinated email phishing campaign,’” Chirgwin reports. “A hapless user who okayed all the stages of infection would end up having all their communications snooped – even HTTPS sessions encrypted with SSL.”

Chirgwin reports, “According to Kaspersky’s Threatpost, Apple revoked the certificate on Sunday, US time, and also dropped an update to its XProtect anti-malware software.”

Read more in the full article here.

MacDailyNews Take: Of course, never open an unexpected zip file, even if it’s from someone you know.

Nasty Mac malware bypasses Apple’s macOS Gatekeeper, undetectable by most antivirus apps – April 28, 2017