Hackers have hidden malware in a legitimate two-factor authentication (2FA) app for macOS to distribute Dacls, a remote access trojan associated with the North Korean Lazarus group. The threat actor planted the malware in the freely available MinaOTP application that is prevalent among Chinese users. The malware executes after rebooting the system as it is added to the property list (plist) file used by LaunchDaemons and LaunchAgents to run applications at startup. Currently, the malicious file is spotted by 23 out of 59 antivirus engines.
Source: https://www.bleepingcomputer.com/news/security/north-korean-hackers-infect-real-2fa-app-to-compromise-macs/