Ironing out (the macOS details) of a Smooth Operator

2023-03-29 Objective-see

https://objective-see.org/blog/blog_0x73.html

Objective-See analyzed the macOS side of the 3CX SmoothOperator supply-chain incident after other reports noted possible macOS trojanization and public commentary attributed the broader activity to Lazarus Group. The source identified a malicious libffmpeg.dylib buried inside the signed and Apple-notarized 3CX Desktop App bundle, with the x86_64 slice showing XOR loops, timing checks, dynamic API resolution, string obfuscation, and a pthread-created execution path. The analysis used a custom dlopen loader and LLDB to debug the dynamic library, focusing on the infected Intel build while noting the Arm version did not appear infected. The malware attempted to reach pbxsources.com, which was already offline during analysis, limiting observation of later-stage behavior.

Indicators of Compromise

Type Value First Seen Last Seen
DOMAIN visualstudiofactory.com 2023-03-29 2024-09-09
DOMAIN akamaitechcloudservices.com 2023-03-29 2024-09-09
DOMAIN msedgepackageinfo.com 2023-03-29 2024-09-09
DOMAIN azureonlinestorage.com 2023-03-29 2024-09-09
DOMAIN officestoragebox.com 2023-03-29 2024-09-09
DOMAIN pbxphonenetwork.com 2023-03-29 2024-09-09
DOMAIN sourceslabs.com 2023-03-29 2024-09-09
DOMAIN officeaddons.com 2023-03-29 2024-09-09
DOMAIN glcloudservice.com 2023-03-29 2024-09-09
DOMAIN pbxcloudeservices.com 2023-03-29 2024-09-09
DOMAIN azuredeploystore.com 2023-03-29 2024-09-09
DOMAIN pbxsources.com 2023-03-29 2024-09-09
DOMAIN msstorageboxes.com 2023-03-29 2024-09-09
HASH 769383fc65d1386dd141c960c997011… 2023-03-29 2023-06-29
HASH 3dc840d32ce86cebf657b17cef62814… 2023-03-29 2023-06-29
URL https://pbxsources.com/queue 2023-03-29 2023-06-29
DOMAIN acharryblogs.com 2023-03-29 2023-03-29
DOMAIN wiolnk.cn 2023-03-29 2023-03-29
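
As an added example (not part of the Objective-See post or of this page), the following Python turns the indicator table above into a domain watchlist and checks it against a few constructed DNS-resolver log lines. The log format, timestamps and client addresses are assumptions; the indicator values are copied from the table. The two hash rows are truncated on this page ("…"), so they are parsed but deliberately left out of the watchlist rather than guessed at.

```python
"""Parse the page's flattened IoC table and match domain indicators against
DNS log lines. Added example; not code from Objective-See or the aggregator."""
from urllib.parse import urlparse

# Indicator rows exactly as listed above: type, value, first seen, last seen.
IOC_TABLE = """\
DOMAIN visualstudiofactory.com 2023-03-29 2024-09-09
DOMAIN akamaitechcloudservices.com 2023-03-29 2024-09-09
DOMAIN msedgepackageinfo.com 2023-03-29 2024-09-09
DOMAIN azureonlinestorage.com 2023-03-29 2024-09-09
DOMAIN officestoragebox.com 2023-03-29 2024-09-09
DOMAIN pbxphonenetwork.com 2023-03-29 2024-09-09
DOMAIN sourceslabs.com 2023-03-29 2024-09-09
DOMAIN officeaddons.com 2023-03-29 2024-09-09
DOMAIN glcloudservice.com 2023-03-29 2024-09-09
DOMAIN pbxcloudeservices.com 2023-03-29 2024-09-09
DOMAIN azuredeploystore.com 2023-03-29 2024-09-09
DOMAIN pbxsources.com 2023-03-29 2024-09-09
DOMAIN msstorageboxes.com 2023-03-29 2024-09-09
HASH 769383fc65d1386dd141c960c997011… 2023-03-29 2023-06-29
HASH 3dc840d32ce86cebf657b17cef62814… 2023-03-29 2023-06-29
URL https://pbxsources.com/queue 2023-03-29 2023-06-29
DOMAIN acharryblogs.com 2023-03-29 2023-03-29
DOMAIN wiolnk.cn 2023-03-29 2023-03-29
"""

# Constructed resolver log: "<timestamp> <client> query <rrtype> <qname>".
# The last line shows that a look-alike name must NOT match on substring.
SAMPLE_DNS_LOG = """\
2023-03-30T10:15:01Z 10.0.0.5 query A www.apple.com
2023-03-30T10:15:02Z 10.0.0.5 query A pbxsources.com
2023-03-30T10:15:03Z 10.0.0.7 query A cdn.msstorageboxes.com.
2023-03-30T10:15:04Z 10.0.0.9 query A notpbxsources.com
"""


def parse_ioc_table(text):
    """Return one dict per well-formed row; skips header and blank lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ioc_type, value, first_seen, last_seen = parts
        records.append({"type": ioc_type, "value": value,
                        "first_seen": first_seen, "last_seen": last_seen})
    return records


def build_domain_watchlist(records):
    """Collect DOMAIN values plus the host part of URL values, lower-cased.
    Hashes are skipped: the page only shows truncated prefixes."""
    domains = set()
    for rec in records:
        if rec["type"] == "DOMAIN":
            domains.add(rec["value"].lower())
        elif rec["type"] == "URL":
            host = urlparse(rec["value"]).hostname
            if host:
                domains.add(host.lower())
    return domains


def matches_watchlist(hostname, watchlist):
    """Exact or parent-domain match on label boundaries.
    Returns the watchlist entry hit, or None. Never matches a bare TLD."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def scan_dns_log(log_text, watchlist):
    """Run each log line's query name against the watchlist; return the hits."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "query":
            continue
        timestamp, client, _, _, qname = parts[:5]
        matched = matches_watchlist(qname, watchlist)
        if matched:
            hits.append({"time": timestamp, "client": client,
                         "query": qname.rstrip("."), "ioc": matched})
    return hits


if __name__ == "__main__":
    watchlist = build_domain_watchlist(parse_ioc_table(IOC_TABLE))
    for hit in scan_dns_log(SAMPLE_DNS_LOG, watchlist):
        print(f"{hit['time']} {hit['client']} -> {hit['query']} (IoC {hit['ioc']})")
```

Matching walks up the label chain (`cdn.msstorageboxes.com` hits `msstorageboxes.com`) but stops before the TLD and never does a raw substring test, which is what keeps `notpbxsources.com` from producing a false positive.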
