Dubbed WildPressure, the campaign started in May 2019 and for more than a year it involved only a Windows version of a malware named Milum. Earlier this year, however, the campaign’s operators started using new versions of the Trojan, to target macOS systems as well.
In addition to the initially observed C++ iteration of the threat, the researchers discovered a corresponding Visual Basic Script (VBScript) variant that had the same version, but which came with a series of modules, including an orchestrator and three plugins.
Additionally, Kaspersky’s security researchers identified a malware variant written in Python, which can run on both Windows and macOS operating systems. All three Trojan iterations feature similar coding style, design, and command and control (C&C) communication protocol.