Blog | G5 Cyber Security

New Dok Mac Malware Uses Nag Screens, Intercepts Encrypted Web Traffic

The OSX/Dok malware has been seen targeting European users through a wave of spam emails. It uses Android-like nag screens to obtain admin privileges, Tor to hide traffic diverted to a remote proxy, and a rogue certificate to intercept encrypted browser traffic. Dok then uses this certificate to perform man-in-the-middle (MitM) attacks. Security experts first spotted Dok on April 21, and at the time of its discovery it had a 0% detection rate on VirusTotal.

Source: https://www.bleepingcomputer.com/news/security/new-dok-mac-malware-uses-nag-screens-intercepts-encrypted-web-traffic/
