OSX.ZuRu is Malwarebytes' detection name for a Trojan dropper that targets macOS systems.
OSX.ZuRu is a Trojan dropper which, at the time of writing, downloads and executes two files that are suspected to set up a Cobalt Strike beacon. The malware is spread posing as the legitimate terminal emulator iTerm2.
The disk image file for the trojanized iTerm2 includes a link to the Applications folder with a Chinese name.
Download and install the latest version of Malwarebytes for Mac.
Click the “Scan Now” button to perform a system scan.
If threats are detected during the scan, a count of detected threats is displayed. More detailed threat information is displayed after the scan completes.
Click “Confirm” to move the detected threats to Quarantine.
If a restart is required to complete remediation of threats detected during a scan, you will be notified. When a restart is required, please remember to save all work before clicking “Restart”.
File: iTerm.app/Contents/Frameworks/libcrypto.2.dylib
IPs: 47.75.123.111, 47.75.96.198 (port 443)
Domain: iTerm2.net
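The indicators above can be hunted for with a few lines of shell. The script below is an added example, not code from Malwarebytes or the iTerm2 project: the file path, IP addresses and domain are the ones listed on this page, while the app bundles and the connection log it scans are constructed inside the script so it runs offline. The function names (bundle_status, ioc_pattern, match_connections, make_demo) are the example's own.

```shell
#!/bin/sh
# Added example, not from the Malwarebytes page or the iTerm2 project:
# a POSIX sh hunt for the OSX.ZuRu indicators listed above.
# Indicator values come from the page; the app bundles and the connection
# records scanned below are constructed here purely for the demonstration.

IOC_FILE="Contents/Frameworks/libcrypto.2.dylib"
IOC_IPS="47.75.123.111 47.75.96.198"
IOC_DOMAIN="iTerm2.net"

# bundle_status DIR
# Prints "suspect" when DIR/Contents/Frameworks/libcrypto.2.dylib exists,
# "clean" otherwise. The dylib at that path is the component the page
# lists for the trojanized iTerm2 build.
bundle_status() {
    if [ -f "$1/$IOC_FILE" ]; then
        echo suspect
    else
        echo clean
    fi
}

# ioc_pattern
# Builds an extended-regex alternation of the indicator IPs and the domain,
# escaping dots so 47.75.123.111 does not also match 47x75x123x111.
ioc_pattern() {
    pat=""
    for ioc in $IOC_IPS $IOC_DOMAIN; do
        pat="$pat|$(printf '%s' "$ioc" | sed 's/\./\\./g')"
    done
    printf '%s' "${pat#|}"
}

# match_connections FILE
# Prints every line of FILE (one connection or DNS answer per line, in the
# style of lsof -i, netstat -an or a resolver log) that references an
# indicator. The domain is matched case-insensitively because DNS names
# are. Always exits 0 so it is safe under set -e; count the output lines.
match_connections() {
    grep -iE "$(ioc_pattern)" "$1" || true
}

# make_demo DIR
# Creates a constructed trojanized-bundle layout, a clean bundle and a
# constructed connection log under DIR so the hunt can be exercised offline.
make_demo() {
    mkdir -p "$1/iTerm.app/$(dirname "$IOC_FILE")"
    : > "$1/iTerm.app/$IOC_FILE"
    mkdir -p "$1/Clean.app/Contents/Frameworks"
    cat > "$1/connections.log" <<'EOF'
tcp4 192.168.1.20:52113 47.75.96.198:443 ESTABLISHED
tcp4 192.168.1.20:52114 17.253.144.10:443 ESTABLISHED
dns  query A iterm2.net
dns  query A example.com
tcp4 192.168.1.20:52115 47.75.123.111:80 SYN_SENT
EOF
}

# Stand-alone run: build the demo tree in a temp dir, report, clean up.
demo=$(mktemp -d)
make_demo "$demo"
echo "iTerm.app: $(bundle_status "$demo/iTerm.app")"
echo "Clean.app: $(bundle_status "$demo/Clean.app")"
echo "Connections matching OSX.ZuRu indicators:"
match_connections "$demo/connections.log"
rm -rf "$demo"
```

On a real host, point bundle_status at /Applications/iTerm.app (and any copies under ~/Applications or ~/Downloads) and feed match_connections the output of `netstat -an` or a DNS log. A hit on the IPs or domain alone indicates contact with the infrastructure, not necessarily a successful beacon; treat it as a trigger for the full scan described above.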