According to:
http://www.macworld.co.uk/how-to/ma...eed-antivirus-software-3454926/#toc-3454926-6
"
OSX/Dok
Security analysis firm CheckPoint Software Technologies spotted a new OS X malware at the end of April 2017.
Apple rushed to block it.
The macOS Trojan horse appeared to be able to bypass Apple’s protections and could hijack all traffic entering and leaving a Mac without a user’s knowledge - even traffic on SSL-TLS encrypted connections.
OSX/Dok was even signed with a valid developer certificate (authenticated by Apple) according to CheckPoint’s blog post. It is likely that the hackers accessed a legitimate developers’ account and used that certificate. Because the malware had a certificate, macOS’s Gatekeeper would have recognized the app as legitimate, and therefore not prevented its execution. Apple has since revoked that developer certificate and updated XProtect, it’s malware signature system.
The attacker could gain access to all victim communication by redirecting traffic through a malicious proxy server, there's more information about how the attack worked here.
OSX/Dok was targeting OS X users via an email phishing campaign. The best way to avoid falling fowl to such an attempt in the future is not to respond to emails that require you to enter a password or install anything.
Xagent
Xagent is capable of stealing passwords, taking screenshots and grabbing iPhone backups stored on your Mac.
It's thought to be the work of the APT28 cybercrime group, according to Bitdefender.
OSX/Pirrit
OSX/Pirrit was apparently hidden in cracked versions of Microsoft Office or Adobe Photoshop found online. It would gain root privileges and create a new account in order to install more software, according to Cybereason researcher Amit Serper in this report.
MacDownloader
In February 2017 researchers found the MacDownloaded software lurking in a fake update to Adobe Flash. When the installer is run you'll get an alert claiming that there is adware on your Mac.
You'll be asked to click to "remove" the adware, and when you enter your password on your Mac the MacDownloader malware will attempt to transmit data including your Keychain (so that's your usernames, passwords, PINs, credit card numbers) to a remote server.
Luckily the threat seems to be contained for now: the remote server it the malware tries to connect is now offline.
The best way to avoid such attacks is to always check on Adobe's site to see if there is an update to Flash you should be installing.
The MacDownloader malware is thought to have been created by Iranian hackers and was specifically targetted at the US defense industry. It was located on a fake site designed to target the US defence industry (so likely not yourself). In this case the phishing attempt would have been activated via a Flash file, and since Apple has stopped Flash opening by default, again this is unlikely to have affected you.
Word macro virus
PC users have had to contend with macro viruses for a long time. Applications, such as Microsoft Office, Excel, and Powerpoint allow macro programs to be embedded in documents. When these document are opened the macros are run automatically which can cause problems.
Mac versions of these programs haven't had an issue with malware concealed in macros because since when Apple released Office for Mac 2008 it removed macro support. However, the 2011 version of Office reintroduced macros, and there has now been malware discovered in a Word macro, in a Word doc about Trump.
If the file is opened with macros enabled (which doesn’t happen by default), it will attempt to run python code that could have theoretically perform functions such as keyloggers and taking screenshots. It could even access a webcam. The chance of you being infected in this way is very small, unless you have received and opened the file referred to (which would surprise us), but the point is that Mac users have been targeted in this way.
Mac users should still be fairly safe from macros thanks to a warning that appears on screen should a user attempt to open a document containing macros.
Fruitfly
According to a report in January, the Fruitfly malware had been conducting surveillance on targeted networks for possibly two years.
The malware captures screenshots and webcam images, as well as looking for information about the devices connected to the same network - and then connects to them.
Malwarebytes claims the malware could have been circulating since OS X Yosemite was released in 2014.
"
