A cryptocurrency mining campaign targeting macOS is using malware that has evolved into a complex variant giving researchers a lot of trouble analyzing it. The malware is tracked as OSAMiner and has been in the wild since at least 2015. A recently observed variant makes analyzing even more difficult as it embeds a run-only AppleScript into another scripts and uses URLs in public web pages to download the actual Monero miner. Researchers say that the main script also sets up a persistence agent and downloads the first stage of the miner.
Source: https://www.bleepingcomputer.com/news/security/mac-malware-uses-run-only-applescripts-to-evade-analysis/