Dacls Remote Access Trojan (RAT) associated with North Korea’s Lazarus group, designed specifically for the Mac operating system. It spread via TinkaOTP app, an application that provide Two-factor Authentication. This is application is geared toward Chinese speaking people. DaclsRAT persists through LaunchDaemons or LaunchAgents which take a property list (plist) file that specifies the application that needs to be executed after reboot.
Dacls RAT Signatures
Dacls RAT Download