The Mac Malware is built on Xagent, which is directly linked to APT28. The Mac version acts like a modular backdoor that can be easily customized in order for an intruder to fetch specific information. The malware can steal passwords, iPhone backups and even capture live screenshots.