This malware was first seen as a malicious copy of the Discord app, even though it did not try to fool the user into thinking it is the real Discord app after execution. When executed, the malware sets up a LaunchAgent in order to persist on the system. It will create and execute some python scripts on the system. The malware installs an EmPyre backdoor and, in addition, takes screenshots of the infected system and sends them to its C&C

Source: CheckPoint