“It could also be that they’re using old system calls to avoid triggering any kind of behavioral detections that might be expecting more recent code.” This could also signify that the hackers behind it really don’t know the Mac very well and were relying on old documentation. “However, we shouldn’t take the age of the code as too strong an indication of the age of the malware.
In addition, the binary also includes the open source libjpeg code, which was last updated in 1998. Thomas Reed from Malwarebytes said: “These are some truly ancient functions, as far as the tech world is concerned, dating back to pre-OS X days. First Mac Malware Of 2017 Detected (Apple)