https://www.coindesk.com/new-mac-malwar ... crypto-app
The malware infects Mac OS computers by injecting an executable file into the boot process, thereby hiding it from the user and rendering it difficult to remove. The executable then looks for various online payloads and runs them in memory, ensuring that anti-virus software could miss the malware after reboots and other OS events. Ultimately, there is very little for an anti-virus app to find as the payload changes over time and the malware has root privileges on infected machines.
The malware is based on AppleJeus by the Lazarus APT Group, a North Korean hacking outfit, and comes from a lineage of fileless Windows and Mac OS Trojans that masquerade as crypto trading apps.