Whether Mac OS users like it or not, the threat is real, and Apple is actively investigating and implementing steps to prevent serious system implications and unexpected compromise. Hackers are making use of a legitimate developer certificate to initiate malware attacks that eavesdrop on web traffic delivered over the secure HTTPS protocol. The OSX/Dok threat was discovered and reported by Check Point, who did an absolutely wonderful job of detailing the nature and routes taken by the malware from source to destination.
What are the System & User Security Implications?
Dokument.zip, when unpackaged, launches an application that installs additional files and software on your Apple Mac device. Security-critical processes are also triggered automatically and used to transfer user-specific details to the hackers' command center; this could include identity, financial or other personal information.
System process files called launch agents are set in motion to navigate and control the level and type of information that is actively transferred once the Mac is connected to the internet. This is in addition to the fake secure certificate that was registered in the user's keychain as a legitimate entity.
These malicious software components will need to be removed to prevent severe consequences to the affected user or business Mac devices.
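As a starting point for finding the launch agents described above, the following added example (not from the original article or from Check Point) audits launch agent plists for traits worth manual review. The heuristics, the directory list and the sample plist are assumptions made for illustration, not indicators of OSX/Dok itself.

```python
import plistlib
from pathlib import Path

# Assumed heuristics for this example, not indicators from Check Point's report.
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
# Per-user and local agent directories; Apple's own agents live under /System.
AGENT_DIRS = ("~/Library/LaunchAgents", "/Library/LaunchAgents")

# Constructed sample plist, embedded so the example runs offline.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.apple.example.helper</string>
<key>ProgramArguments</key><array><string>/Users/Shared/helper.sh</string></array>
<key>RunAtLoad</key><true/>
</dict></plist>"""

def audit_launch_agent(plist_bytes):
    """Return reasons a non-system launch agent plist deserves manual review."""
    job = plistlib.loads(plist_bytes)
    findings = []
    if str(job.get("Label", "")).startswith("com.apple."):
        findings.append("apple-style label outside /System/Library")
    args = job.get("ProgramArguments") or [job.get("Program", "")]
    for arg in args:
        if str(arg).startswith(WRITABLE_PREFIXES):
            findings.append(f"runs from writable path: {arg}")
    # Auto-start alone is normal; report it only alongside another finding.
    if findings and (job.get("RunAtLoad") or job.get("KeepAlive")):
        findings.append("starts automatically at login")
    return findings

def scan(dirs=AGENT_DIRS):
    """Audit every plist in the given launch agent directories."""
    report = {}
    for d in dirs:
        for path in sorted(Path(d).expanduser().glob("*.plist")):
            try:
                found = audit_launch_agent(path.read_bytes())
            except Exception as exc:  # malformed or unreadable plist
                found = [f"unreadable plist: {exc}"]
            if found:
                report[str(path)] = found
    return report

if __name__ == "__main__":
    print("sample:", audit_launch_agent(SAMPLE))
    for path, found in scan().items():
        print(path, found)
```

A finding is a prompt to inspect the file, not proof of infection; legitimate software also installs launch agents.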
Note: You will need security protection for your Apple Mac devices, whether they are desktops or laptops. Check out available antivirus solutions for Mac here.