Patrick Wardle, a computer security expert, has discovered spyware for macOS thanks to a user who posted on the Malwarebytes forum to report that his coworker had installed something by accident, and that afterwards her DNS server settings stayed fixed on unwanted IP addresses.
Two functions of this malware stand out: hijacking the DNS server settings so that they point to servers controlled by the attacker, and installing a root certificate. The first means (among other things) that when the victim wants to visit “google.com”, it is the attacker who decides which server the victim is sent to in order to download that web page (so the attacker can answer with a server designed to steal information).
As for the installation of a root certificate, this allows the attacker to modify the websites the user visits or to steal information travelling between the website and the user.
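A check for the symptom the forum user described, as an added example that is not part of the original article: it parses the text printed by macOS `scutil --dns` and reports every configured resolver that is not on an approved list. The sample output is constructed (the "unwanted" addresses are documentation-range placeholders), and the function names and the approved list are assumptions.

```python
import ipaddress
import re

# Constructed sample of `scutil --dns` output; addresses are placeholders.
SAMPLE_SCUTIL_DNS = """\
DNS configuration

resolver #1
  search domain[0] : lan
  nameserver[0] : 203.0.113.53
  nameserver[1] : 198.51.100.7
  if_index : 6 (en0)
  flags    : Request A records, Request AAAA records

DNS configuration (for scoped queries)

resolver #1
  nameserver[0] : 192.168.1.1
  if_index : 6 (en0)
  flags    : Scoped, Request A records
"""

NAMESERVER_RE = re.compile(r"^\s*nameserver\[\d+\]\s*:\s*(\S+)\s*$", re.M)

def configured_nameservers(scutil_output):
    """Return the unique resolver addresses in order of first appearance."""
    seen = []
    for raw in NAMESERVER_RE.findall(scutil_output):
        addr = ipaddress.ip_address(raw.split("%")[0])  # drop IPv6 zone id
        if addr not in seen:
            seen.append(addr)
    return seen

def unexpected_nameservers(scutil_output, approved):
    """Return resolvers that fall outside every approved address or CIDR."""
    nets = [ipaddress.ip_network(a, strict=False) for a in approved]
    flagged = []
    for addr in configured_nameservers(scutil_output):
        # Compare only against networks of the same IP version.
        if not any(addr.version == n.version and addr in n for n in nets):
            flagged.append(str(addr))
    return flagged

if __name__ == "__main__":
    # Assumed policy: only the local router is an expected resolver.
    print(unexpected_nameservers(SAMPLE_SCUTIL_DNS, ["192.168.1.1"]))
```

On a real machine, pass the captured output of `scutil --dns` in place of the sample and the resolvers your network actually hands out as the approved list.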
