Personal
< Personal
Products
Malwarebytes Premium >
Malwarebytes Privacy VPN >
Malwarebytes Identity Theft Protection >
Malwarebytes Browser Guard >
Malwarebytes for Teams/small offices >
AdwCleaner for Windows >

Find the right product
See our plans
Infected already?
Clean your device now
Solutions
Free antivirus >
Free virus scan & removal >
Windows antivirus >
Mac antivirus >
Android antivirus >
iOS security >
Chromebook antivirus >

See personal pricing
Manage your subscription
Visit our support page
Business
< Business
BUNDLES
Core
Prevent and remediate threats and identify vulnerabilities
Advanced
Utilize threat guidance and patch management plus everything in Core
Elite
Deploy Managed Detection and Response plus everything in Advanced
Ultimate
Protect against categories of malicious websites plus everything in Elite
TECHNOLOGY HIGHLIGHTS
Managed Detection & Response (MDR)
Deploy fully-managed threat monitoring, investigation, and remediation
Endpoint Detection & Response (EDR)
Prevent more attacks with security that catches what others miss
Security Advisor
Visualize and optimize your security posture in just minutes
For Education
Secure your students and institution against cyberattacks
Learn more about Security Advisor (available in every bundle) and see the full list of our products and services.
Full technology list >
Pricing

< Pricing

Personal pricing
Protect your personal devices and data
Small office/home office pricing
Protect your team’s devices and data
Business pricing
Explore our award-winning endpoint security products, from EP to EDR to MDR
Partners
< Partners
Explore Partnerships
Partner Solutions
Resellers
Managed Service Providers
Computer Repair
Technology Partners
Affiliate Partners
Contact Us
Resources
< Resources
Learn About Cybersecurity
Antivirus
Malware
Ransomware
Malwarebytes Labs – Blog
Glossary
Threat Center
Business Resources
Reviews
Analyst Reports
Case Studies
Press & News
Reports

The State of Malware 2023 Report

Read report
Support
< Support
Technical Support
Personal Support
Business Support
Premium Services
Forums
Vulnerability Disclosure
Report a False Positive
Featured Content
Activate Malwarebytes Privacy on Windows device.
See Content

Product Videos

OSX.ZuRu

Short bio

OSX.ZuRu is Malwarebytes’ detection name for a Trojan dropper that targets MacOS systems.

Type and source of the infection

OSX.ZuRu is a Trojan dropper which at the moment downloads and executes two files which are suspected to set up a Cobalt Strike beacon. The malware is spread posing as the legitimate app iTerm2.

Symptoms

The disk image file for the trojanized iTerm2 includes a link to the Applications folder with a Chinese name.

disk image file

Protection

Malwarebytes for Mac detects and removes OSX.ZuRu.

Remediation

Malwarebytes for Mac will detect and remove the components of this malware.

Download and install the latest version of Malwarebytes for Mac.

Click the “Scan Now” button to perform a system scan.

If threats are detected during the scan, a count of detected threats is displayed. More detailed threat information is displayed after the scan completes.

Click “Confirm” to move the detected threats to Quarantaine.

If a restart is required to complete remediation of threats detected during a scan, you will be notified. When a restart is required, please remember to save all work before clicking “Restart”.

IOC’s

File: iTerm.app/Contents/Frameworks/libcrypto.2.dylib

IPs: 47.75.123.111 47.75.96.198(:443)

Domain: iTerm2.net