OSX.ZuRu is Malwarebytes' detection name for a Trojan dropper that targets macOS systems.
OSX.ZuRu is a Trojan dropper which, at the time of writing, downloads and executes two files that are suspected of setting up a Cobalt Strike beacon. The malware is spread by posing as the legitimate app iTerm2.
The disk image file for the trojanized iTerm2 includes a link to the Applications folder with a Chinese name.
Download and install the latest version of Malwarebytes for Mac.
Click the “Scan Now” button to perform a system scan.
If threats are detected during the scan, a count of detected threats is displayed. More detailed threat information is displayed after the scan completes.
Click “Confirm” to move the detected threats to Quarantine.
If a restart is required to complete remediation of threats detected during a scan, you will be notified. When a restart is required, please remember to save all work before clicking “Restart”.
IPs: 220.127.116.11 18.104.22.168(:443)
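The indicator line above lists two IPs, the second with a port. As an added example (not Malwarebytes' code or tooling), the script below parses that indicator format and runs it over a few constructed connection-log lines, flagging destinations that match an indicator and lowering the confidence when the IP matches but the port differs from the one listed. The log format, the sample lines and the confidence labels are assumptions made for the example.

```python
import re

# Indicator line as it appears on the page (IPs, with an optional port suffix).
IOC_LINE = "220.127.116.11 18.104.22.168(:443)"

# Constructed sample log lines (not real telemetry) in an assumed
# "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port>" format.
SAMPLE_LOG = """\
2021-09-20T10:01:02Z 192.168.1.20:51234 -> 18.104.22.168:443
2021-09-20T10:01:05Z 192.168.1.20:51235 -> 93.184.216.34:443
2021-09-20T10:02:10Z 192.168.1.21:51300 -> 220.127.116.11:8080
2021-09-20T10:03:00Z 192.168.1.22:51400 -> 18.104.22.168:80
"""

# "1.2.3.4" or "1.2.3.4(:443)"
IOC_TOKEN_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?:\(:(\d+)\))?$")
LOG_LINE_RE = re.compile(r"^(\S+) (\S+):(\d+) -> (\S+):(\d+)$")


def parse_iocs(line):
    """Turn 'IP IP(:port)' into {ip: port_or_None}; a port narrows the match."""
    iocs = {}
    for token in line.split():
        m = IOC_TOKEN_RE.match(token)
        if not m:
            raise ValueError(f"unrecognised indicator token: {token!r}")
        ip, port = m.group(1), m.group(2)
        iocs[ip] = int(port) if port else None
    return iocs


def match_log(log_text, iocs):
    """Return one hit per log line whose destination is an indicator IP.

    confidence is 'high' when the indicator carries no port or the port
    matches, and 'low' when the IP matches but the listed port differs.
    """
    hits = []
    for lineno, raw in enumerate(log_text.splitlines(), start=1):
        m = LOG_LINE_RE.match(raw.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, _src, _sport, dst, dport = m.groups()
        if dst not in iocs:
            continue
        expected = iocs[dst]
        confidence = "high" if expected is None or expected == int(dport) else "low"
        hits.append({"line": lineno, "ts": ts, "dst": dst,
                     "dport": int(dport), "confidence": confidence})
    return hits


if __name__ == "__main__":
    for hit in match_log(SAMPLE_LOG, parse_iocs(IOC_LINE)):
        print(hit)
```

The port-aware confidence split matters because shared hosting or CDN addresses can serve unrelated traffic on other ports; a port-only mismatch is still worth a look, but should not be triaged at the same priority as an exact match.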