Quote
The newly discovered Sabpab malware is in many ways a basic backdoor Trojan horse. It connects to a control server using HTTP, receiving commands from remote hackers as to what it should do. The criminals behind the attack can grab screenshots from infected Macs, upload and download files, and execute commands remotely.
The Trojan creates the files:
/Users/<user>/Library/Preferences/com.apple.PubSabAgent.pfile
/Users/<user>/Library/LaunchAgents/com.apple.PubSabAGent.plist
Encrypted logs are sent back to the control server, so the hackers can monitor activity.
The potential for abuse of compromised Macs should be obvious, given the Trojan's functionality.
Source: SOPHOS
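
The two file paths in the quote can be checked for on a Mac. The sketch below is an added example, not code from Sophos or from the original post; the function name `sabpab_scan` and its optional root-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sweep every home directory under <root>/Users for the two
# files named in the quoted Sophos description. Prints one line per match.
# sabpab_scan and its root argument are hypothetical names, not a real tool.

sabpab_scan() {
    root="${1:-/}"
    for home in "${root%/}"/Users/*; do
        [ -d "$home" ] || continue
        # "directory|file name" pairs, spelled exactly as in the quote
        for pair in \
            "Library/Preferences|com.apple.PubSabAgent.pfile" \
            "Library/LaunchAgents|com.apple.PubSabAGent.plist"
        do
            dir="$home/${pair%%|*}"
            name="${pair##*|}"
            [ -d "$dir" ] || continue
            # -iname: default macOS volumes are case-insensitive, so the
            # on-disk spelling may differ in case from the quoted one.
            found=$(find "$dir" -maxdepth 1 -iname "$name" 2>/dev/null)
            [ -n "$found" ] && printf '%s\n' "$found"
        done
    done
    return 0
}
```

Run `sabpab_scan /` with enough privilege to read other users' `Library` folders. Empty output means only that these two files are absent, and any match should be inspected before it is removed.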








