The Dacls RAT ...now on macOS!

2020-05-05 Objective-see

https://objective-see.com/blog/blog_0x57.html


Objective-See analyzed a macOS variant of Dacls, a remote access trojan attributed to the Lazarus Group, distributed as a TinkaOTP Apple disk image containing an application bundle of the same name. How the disk image reached victims was not known; the packaging resembled earlier Lazarus activity on macOS that paired trojanized applications with social engineering. The sample was a 64-bit Mach-O application carrying only an ad hoc code signature (no Apple Developer ID) that, when launched, copied an embedded resource out of the bundle into the user's ~/Library directory as a hidden executable named .mina and set its execute permission. The write-up gives code-signing details, file hashes, installation behavior, and detection context useful for tracking Lazarus tradecraft on macOS.
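The install behavior above (a dotfile dropped directly into ~/Library and made executable) is a cheap thing to hunt for on a fleet. The script below is an added example written for this summary; it is not code from the Objective-See write-up or from the sample. It walks a directory, flags hidden regular files that have an execute bit, and separates real Mach-O binaries from scripts by checking the file's magic number. The fixture it builds in a temporary directory is constructed test data that imitates the ~/Library/.mina layout; the padded "binary" is only a Mach-O 64-bit magic followed by zeros, not a real sample.

```python
import os
import stat
import tempfile
from pathlib import Path

# First four bytes of Mach-O thin (32/64-bit, either byte order) and fat binaries.
MACHO_MAGICS = {
    b"\xcf\xfa\xed\xfe",  # MH_MAGIC_64 as stored on little-endian x86_64/arm64
    b"\xce\xfa\xed\xfe",  # MH_MAGIC (32-bit), little-endian
    b"\xfe\xed\xfa\xcf",  # MH_CIGAM_64 (byte-swapped)
    b"\xfe\xed\xfa\xce",  # MH_CIGAM
    b"\xca\xfe\xba\xbe",  # FAT_MAGIC, universal binary
}

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def is_macho(path):
    """True if the file starts with a Mach-O or fat-binary magic number."""
    try:
        with open(path, "rb") as f:
            return f.read(4) in MACHO_MAGICS
    except OSError:
        return False


def find_hidden_executables(root, max_depth=1):
    """Scan root and up to max_depth directory levels beneath it for regular
    dotfiles with an execute bit set. Returns a sorted list of (path, reason);
    Mach-O files are called out separately from scripts and other executables."""
    root = Path(root)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        depth = len(Path(dirpath).relative_to(root).parts)
        if depth >= max_depth:
            dirnames[:] = []  # stop os.walk from descending further
        for name in filenames:
            if not name.startswith("."):
                continue
            p = Path(dirpath) / name
            try:
                st = p.lstat()  # lstat: do not follow symlinks out of the tree
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode) or not (st.st_mode & EXEC_BITS):
                continue
            reason = ("hidden Mach-O executable" if is_macho(p)
                      else "hidden file with execute bit")
            hits.append((str(p), reason))
    return sorted(hits)


def build_fixture():
    """Build a throwaway directory that mimics the post-install state described
    above (hidden executable at Library/.mina). Constructed test data, not a
    real sample: the 'binary' is just a Mach-O 64-bit magic plus padding."""
    base = Path(tempfile.mkdtemp(prefix="dacls-demo-"))
    lib = base / "Library"
    (lib / "LaunchAgents").mkdir(parents=True)
    fake_macho = b"\xcf\xfa\xed\xfe" + b"\x00" * 28
    mina = lib / ".mina"
    mina.write_bytes(fake_macho)
    mina.chmod(0o755)                       # the install step: chmod +x
    ds = lib / ".DS_Store"                  # hidden but not executable: benign noise
    ds.write_bytes(b"\x00\x00\x00\x01Bud1")
    ds.chmod(0o644)
    tool = lib / "tool"                     # executable but not hidden: ignored
    tool.write_bytes(fake_macho)
    tool.chmod(0o755)
    return lib


if __name__ == "__main__":
    for path, reason in find_hidden_executables(build_fixture()):
        print(f"fixture  {reason}: {path}")
    real = Path.home() / "Library"          # the real check, on a Mac
    if real.is_dir():
        for path, reason in find_hidden_executables(real):
            print(f"{reason}: {path}")
```

A hidden executable under ~/Library is a heuristic, not a Dacls signature; legitimate software occasionally does the same. On a hit, confirm on the Mac itself with `codesign -dvv <path>`, which reports an ad hoc signature as `Signature=adhoc`, and compare the file's full hash against the values in the linked write-up.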

Indicators of Compromise

Type   Value                              First Seen   Last Seen
IPv4   67.43.239.146                      2020-05-05   2023-01-18
IPv4   185.62.58.207                      2020-05-05   2023-01-18
HASH   4f3367208a1a6eebc890d020eeffb9e…   2020-05-05   2020-05-05
HASH   8bd4b789e325649bafcc23f70bae0d1…   2020-05-05   2020-05-05
HASH   d2e8bbc6db07e2c468674f829a3991d…   2020-05-05   2020-05-05
HASH   08dd7e9fb1551c8d893fac2193d8c49…   2020-05-05   2020-05-05

The hash values are truncated as extracted here; take the full digests from the linked write-up before using them in a blocklist or hunt.
