a MacOS backdoor distributed via malicious word documents targeting MacOS systems in Vietnam and written in the Perl programming language
A trojan targeting Mac OS X systems first reported on in May 2015, packaged as an application bundle masquerading as an Adobe Flash Player update. A separate OceanLotus variant discovered in June 2017 is distributed via a ZIP file, likely sent as an attachment in an email.
A RAT and the first known MaaS targeting Mac users, available for free or as a paid, advanced version on a Dark Web forum. The malware has capabilities including: capture screenshots, log keystrokes, record voice, retrieve clipboard content, retrieve browsing data, obtain iCloud photos, retrieve any files and data, encrypt the entire user directory, disguise the malware as a legitimate file, and access emails and social network accounts.
Proton is a remote access trojan (RAT) targeting macOS, first dispatched in late 2016. It is being advertised on Russian underground hacking forums, YouTube videos, and a custom website.
The Adwind Trojan, also referred to as AlienSpy, Frutas, Unrecom, Sockrat, JSocket and jRAT, is a remote access tool (RAT) discovered as Frutas in 2012. The Trojan's backdoor is written in Java allowing it to run on multiple platforms including Windows, Mac OS, Linux, and Android.