The application is actually a new, mostly undetected version of the MaControl backdoor (Universal Binary), which supports both i386 and PowerPC Macs. We detect it as “Backdoor.OSX.MaControl.b”.
MD5 ( “matiriyal.app/Contents/MacOS/iCnat” ): e88027e4bfc69b9d29caef6bae0238e8
When executed, it installs itself in the system and connects to its Command and Control server to get instructions. The backdoor allows its operator to list files, transfer files and generally run commands on the infected machine.
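For triage, the two facts given above (a Universal Binary carrying i386 and PowerPC slices, and the published MD5) can be checked directly against an executable's bytes. The following is an added example, not code from the original post: the function names and the sample bytes are constructed for illustration, and the fat-header layout used is the standard Mach-O universal binary format.

```python
import hashlib
import struct

FAT_MAGIC = 0xCAFEBABE          # big-endian universal-binary magic
CPU_NAMES = {7: "i386", 18: "ppc", 0x01000007: "x86_64", 0x01000012: "ppc64"}
# MD5 published on this page for matiriyal.app/Contents/MacOS/iCnat
KNOWN_MD5 = "e88027e4bfc69b9d29caef6bae0238e8"


def fat_slices(data):
    """Return [(arch_name, offset, size)] for a universal binary, else []."""
    if len(data) < 8:
        return []
    magic, count = struct.unpack(">II", data[:8])
    # Java .class files share this magic; their second word is a version >= 45.
    if magic != FAT_MAGIC or not 0 < count < 30:
        return []
    slices = []
    for i in range(count):
        entry = data[8 + 20 * i: 28 + 20 * i]
        if len(entry) < 20:
            return []            # truncated header: treat as not parseable
        cputype, _sub, offset, size, _align = struct.unpack(">iiIII", entry)
        if offset + size > len(data):
            return []            # slice points past end of file
        slices.append((CPU_NAMES.get(cputype, hex(cputype)), offset, size))
    return slices


def triage(data):
    """Summarise one executable: architectures present and IoC hash match."""
    archs = [name for name, _off, _size in fat_slices(data)]
    digest = hashlib.md5(data).hexdigest()
    return {"archs": archs, "md5": digest, "ioc_match": digest == KNOWN_MD5,
            "legacy_ppc_pair": {"i386", "ppc"} <= set(archs)}


def build_sample():
    """Constructed sample: fat header with i386 + ppc slices of filler bytes."""
    header = struct.pack(">II", FAT_MAGIC, 2)
    header += struct.pack(">iiIII", 7, 3, 48, 16, 0)
    header += struct.pack(">iiIII", 18, 0, 64, 16, 0)
    return header + b"\x00" * 16 + b"\x00" * 16


if __name__ == "__main__":
    print(triage(build_sample()))
```

An i386 + PowerPC pairing is not malicious by itself, since older legitimate software ships the same way; treat it as context alongside the hash match.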
To find more detailed information, please click on the link below:
https://www.securelist.com/en/blog/208193616/New_MacOS_X_backdoor_variant_used_in_APT_attacks