This malware was first seen as a malicious copy of the Discord app, although after execution it did not try to fool the user into thinking it was the real Discord app. When executed, the malware sets up a LaunchAgent in order to persist on the system. It creates and executes several Python scripts on the system. The malware installs an EmPyre backdoor and, in addition, takes screenshots of the infected system and sends them to its C&C.
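The persistence technique described above (a per-user LaunchAgent that runs Python scripts at login) is something a defender can audit for. The following is an added example written for this page, not code from the page's source or from the malware: it parses LaunchAgent property lists with the standard `plistlib` module and flags entries whose program is a script interpreter, points at a `.py` file, or lives in a hidden or world-writable staging directory. The two embedded plists are constructed samples; the heuristics, file paths and labels are assumptions for illustration and are not taken from the sample on this page.

```python
import os
import plistlib
import tempfile
from typing import Dict, List

# Constructed benign LaunchAgent: a vendor updater run from its app bundle.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key><string>com.example.updater</string>
    <key>ProgramArguments</key>
    <array><string>/Applications/Example.app/Contents/MacOS/updater</string></array>
    <key>RunAtLoad</key><true/>
</dict>
</plist>
"""

# Constructed suspicious LaunchAgent: an interpreter launching a hidden Python
# script at login and kept alive (hypothetical paths, not from the page).
SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key><string>com.apple.update.helper</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/bin/python</string>
        <string>/Users/Shared/.hidden/launcher.py</string>
    </array>
    <key>RunAtLoad</key><true/>
    <key>KeepAlive</key><true/>
</dict>
</plist>
"""

# Interpreters that a LaunchAgent rarely needs to invoke directly (assumption).
INTERPRETERS = {"python", "python2", "python2.7", "python3", "osascript", "sh", "bash", "zsh"}
# Directories commonly used as drop locations by malware (assumption).
STAGING_DIRS = ("/tmp/", "/private/tmp/", "/Users/Shared/", "/var/tmp/")


def assess_launch_agent(raw: bytes) -> Dict:
    """Return a verdict dict for one LaunchAgent plist given as bytes."""
    plist = plistlib.loads(raw)
    args: List[str] = list(plist.get("ProgramArguments") or [])
    if plist.get("Program"):
        args.insert(0, plist["Program"])
    reasons: List[str] = []

    if args and os.path.basename(args[0]) in INTERPRETERS:
        reasons.append(f"program is an interpreter: {args[0]}")
    for arg in args[1:]:
        if arg.endswith(".py"):
            reasons.append(f"runs a Python script: {arg}")
    for arg in args:
        # A hidden directory or file anywhere in the path.
        if any(part.startswith(".") for part in arg.split("/") if part):
            reasons.append(f"hidden path component: {arg}")
        if arg.startswith(STAGING_DIRS):
            reasons.append(f"staging directory: {arg}")
    # Persistence that restarts itself is a stronger signal when combined
    # with the above, so only note it when something else already fired.
    if reasons and plist.get("KeepAlive"):
        reasons.append("KeepAlive set (restarts if killed)")

    return {
        "label": plist.get("Label", "<no label>"),
        "program_arguments": args,
        "run_at_load": bool(plist.get("RunAtLoad")),
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


def scan_launch_agents(directory: str) -> List[Dict]:
    """Assess every .plist in a directory (e.g. ~/Library/LaunchAgents)."""
    results = []
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".plist"):
            continue
        with open(os.path.join(directory, name), "rb") as fh:
            verdict = assess_launch_agent(fh.read())
        verdict["file"] = name
        results.append(verdict)
    return results


if __name__ == "__main__":
    # Stage the two constructed samples in a temp dir and scan it.
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in (("benign.plist", BENIGN_PLIST), ("bad.plist", SUSPICIOUS_PLIST)):
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        for v in scan_launch_agents(tmp):
            flag = "SUSPICIOUS" if v["suspicious"] else "ok"
            print(f"{v['file']}: {v['label']} [{flag}]")
            for r in v["reasons"]:
                print("   -", r)
```

On a real host the scan would be pointed at `~/Library/LaunchAgents` and `/Library/LaunchAgents`; the heuristics are deliberately loose and are meant to surface candidates for manual review rather than to give a definitive verdict.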

Source: CheckPoint

Links:

Samples:
ffc4872e8fffd81eed1b94a6d68f1442e61c380b