Symbol: osx.zuru

Common name: ZuRu

Malware that was observed embedded alongside legitimate applications (such as iTerm2) offered for download on suspicious websites pushed in search engines. It uses a Python script to perform reconnaissance on the compromised system and pulls additional payload(s).

References
2021-09-30, Trend Micro, Steven Du and Luis Magisa: Mac Users Targeted by Trojanized iTerm2 App. https://www.trendmicro.com/en_us/research/21/i/mac-users-targeted-by-trojanized-iterm2-app.html (accessed 2021-10-19)

2021-09-14, Objective-See, Patrick Wardle: OSX.ZuRu: trojanized apps spread malware, via sponsored search results. https://objective-see.com/blog/blog_0x66.html (accessed 2021-09-16)

There is no Yara-Signature yet.