The malware infects Mac OS computers by injecting an executable file into the boot process, thereby hiding it from the user and rendering it difficult to remove. The executable then looks for various online payloads and runs them in memory, ensuring that anti-virus software could miss the malware after reboots and other OS events. Ultimately, there is very little for an anti-virus app to find as the payload changes over time and the malware has root privileges on infected machines.