Pwnet
This is a malware hidden in a hacked version of the game “Counter Strike: GO”. An infection occurs when a user will download a hack for the game. When executed, the malware will ask the user to run it as root:
Source: CheckPoint
When it achieves root permissions, it will download additional files, one of which is a variant of OSX/Pwnet. Its main payload is using computer resources to mind crypto-currencies. The malware also creates a LaunchDaemon “/Library/LaunchDaemons/com.dynamsoft.WebTwainService.plist” in order to persist on the system.
Links:
Samples:
86216a50a60c08cf1f455ff1a27aaeb62b618bc3