ZuRu (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

osx.zuru (Back to overview)

ZuRu

A malware that was observed being embedded alongside legitimate applications (such as iTerm2) offered for download on suspicious websites pushed in search engines. It uses a Python script to perform reconnaissance on the compromised system an pulls additional payload(s).

References

2021-09-30 ⋅ Trend Micro ⋅ Luis Magisa, Steven Du
Mac Users Targeted by Trojanized iTerm2 App
ZuRu

2021-09-14 ⋅ Objective-See ⋅ Patrick Wardle
OSX.ZuRu: trojanized apps spread malware, via sponsored search results
ZuRu

There is no Yara-Signature yet.

ZuRu Propose Change

References

ZuRu