A trojan targeting Mac OSX, typically distributed via email and uses a persistent pop-up to obtain a victim's password. It then gains administrative privileges and downloads the Tor client, redirecting traffic through Tor and allowing the threat actors to intercept all outgoing traffic.


A RAT and the first known MaaS targeting Mac users, available for free or as a paid, advanced version on a Dark Web forum. The malware has capabilities including: capture screenshots, log keystrokes, record voice, retrieve clipboard content, retrieve browsing data, obtain iCloud photos, retrieve any files and data, encrypt the entire user directory, disguise the malware as a legitimate file, and access emails and social network accounts.