Siggen is a backdoor, that allows an attacker to download and execute any Python/Shell script on infected machine. It’s disguised itself as a portfolio or as a WhatsApp messenger.

Source: CheckPoint

When executed, the malware will download a plist file which will be installed on the system as LaunchAgent in order to persist on the system.

Source: SentinalOne