The .bz attachment of the purchase-order e-mail contains the executable, which is the malware itself. Stolen data is exfiltrated via the Telegram API.
Kaspersky’s cyber security experts: The first cybercrime threat to macOS systems is the Shlayer trojan
The first cybercrime threat to macOS systems is the Shlayer trojan. This was confirmed by Kaspersky’s cyber security experts, who detect it on one in ten computers. Since February 2018, researchers have collected at least 32,000 samples of the malware and identified 143 Command and Control (C2) servers. Furthermore, the malicious code’s algorithm has changed little since it was discovered, and the cyber attacks that spread it have not diminished: they remain at more or less the same levels as when it was first detected. The only recent change is that it has been rewritten from a Bash script into a Python script. Its distribution is linked to torrent or streaming files, with the malware disguised as an update required in order to view the content. Statistics place the United States as the primary target (31% of cyber attacks), followed by Germany (14%), France (10%) and the UK (10%).