Researchers at SecureList have been studying a Trojan they have dubbed Calisto that infects macOS. Calisto attempts to pass itself off as Inetego’s security solution for Mac, although it does lack Intego’s signing signature that would make it a valid DMG image. During the installation process, the user is presented with a very convincing license agreement, that only differs only slightly from the real agreement.
If the user clicks “Agree” on the licensing prompt, they will then be prompted for their macOS credentials. For macOS applications that need to make system modifications, this is a normal process. After a brief hesitation, the user is then presented with an error message indicating that the software was unable to be installed due to being invalid. The message also indicates that the user should retrieve and install the application from the official site, Intego. If the user does so, the real version of the anti-virus software will be installed and the user may pass off the initial error as a fluke and forget about it.