The malware has been called Backdoor.MAC.Elanor and has been discovered by researchers at Bitdefender security.
Initially, the researchers found it difficult to accurately determine the means by which infection occurs.
As explained by the experts, one of the loader components distributed via ZIP-file.
As the ZIP-file contains the executable file in the Mach-O format, which disguised as a text or JPEG-file.
The Icloudsyncd executable file is stored in the Library/tool Support/com.apple.iCloud.sync.daemon directory.
By default, it prevents running any unsigned applications from the unidentified sources or developers.
Hence, the Gatekeeper would have blocked the malware, if it is enabled.
