Malware distributors are abusing a DLL hijacking vulnerability in Apple s Push Notification service Windows executable to install coin miners on users attempting to download copyrighted software. The vulnerability allows the malware to run with less risk of being detected by security software as its running in a legitimate executable by Apple. The malware developer has also used a hashing algorithm in the AppleVersions.dll to make it harder to detect as malware. This significantly increased their chances to evade security vendors that are looking for the regular hash signatures in memory.
Source: https://www.bleepingcomputer.com/news/security/coinminer-exploits-apple-apsdaemon-vulnerability-to-evade-detection/