Janicab is an OS X trojan that relied on a valid developer ID and oblivious users to install it. 
Janicab captured audio and sent it out to a C2 server.
Janicab used a cron job for persistence on Mac devices.
Janicab captured screenshots and sent them out to a C2 server.
Janicab used a valid AppleDeveloperID to sign the code to get past security restrictions.