A malware that was observed being embedded alongside legitimate applications (such as iTerm2) offered for download on suspicious websites pushed in search engines. It uses a Python script to perform reconnaissance on the compromised system an pulls additional payload(s).
Mac Users Targeted by Trojanized iTerm2 App
OSX.ZuRu: trojanized apps spread malware, via sponsored search results
There is no Yara-Signature yet.