“After an initial chat conversation, the attacker sent a ZIP file that contained COVERTCATCH malware disguised as a Python coding challenge,” researchers Robert Wallace, Blas Kojusner, and Joseph Dobson said.
The malware functions as a launchpad to compromise the target’s macOS system by downloading a second-stage payload that establishes persistence via Launch Agents and Launch Daemons.