For years, Mac users have been relatively safe from the kind of malware attacks Windows users must (or should) regularly safeguard against. Unfortunately, researchers at Check Point have uncovered "Dok," which they call the first "major scale" trojan to target "all versions" of the MacOS. It's passed to users through email phishing campaigns, which have included messages regarding "inconsistencies" in the user's tax returns.
The attacks, which largely target European users, ask you to download a zip attachment. If the file is launched it releases malware that redirects and intercepts user traffic -- even over SSL -- through a "malicious proxy server." When it's done, it deletes itself.
Fortunately, the attack requires you to download the file and enter your root password. That makes it fairly easy to avoid. Simply don't download attachments from people you don't know. However, it's "signed with a valid developer certificate," according to Check Point. It's not hard to steer clear of the malware, but if you fail to, it's bad news.