Trend Micro researchers have recently discovered a new backdoor we believe to be related to the OceanLotus group. Some of the updates of this new variant (detected by Trend Micro as Backdoor.MacOS.OCEANLOTUS.F) include new behavior and domain names. As of writing, this sample is still undetected by other antimalware solutions.
Due to similarities in dynamic behavior and code with previous OceanLotus samples, it was confirmed to be a variant of the said malware.
OceanLotus was responsible for targeted attacks against organizations from industries such as media, research, and construction. Recently they have also been discovered by researchers from Volexity to be using malicious websites to propagate malware.
Source: Trend Micro