While specific features evolve with updates, the client generally focuses on: Advanced Utilities

As of late 2025, the developers behind Tarasande are actively updating the client to bypass Apple's new and XProtect Remediator (Apple’s proactive malware removal tool).

If you are looking to download this client today, be very careful.

The client silently scans your drives for specific file types (.txt, .docx, .pdf, .dat related to crypto wallets). It queries the SQLite databases of over 30 browsers to extract login data and credit card information.

Open-source intelligence (OSINT) suggests the Tarasande Client is sold as Malware-as-a-Service (MaaS) on Russian-speaking underground forums. A typical subscription costs between $150 and $300 per month. The developers offer a web-based control panel where buyers can:

Previously associated with the and OSX.CDDS families, the Tarasande Client is not a virus in the traditional, self-replicating sense. Instead, it is a modular backdoor trojan that operates as a "client" on a compromised machine, communicating back to a remote server. It has been flagged by security researchers at Malwarebytes, Trend Micro, and Jamf for its aggressive persistence mechanisms and its ability to evade Apple’s built-in security tools, notably XProtect and Notarization checks.