Malware linked to the OceanLotus advanced persistent threat (APT) group. Malware is packed in an app, bundled in a.zip archive. The app attempts to pass itself off as a Microsoft Word document (using the Word icon) Researchers said the. app bundle s name utilizes special characters three bytes ( efb880 ) that are in. Unicode-8 encoding. Researchers said this malware variant has similarities to another. malware variant discovered in 2018.
Source: https://threatpost.com/macos-users-targeted-oceanlotus-backdoor/161655/