New ZuRu Malware Variant Targeting Developers via Trojanized Termius macOS App
Jul 10, 2025
Endpoint Security / Vulnerability
Cybersecurity researchers have discovered new artifacts associated with an Apple macOS malware called ZuRu, which is known to propagate via trojanized versions of legitimate software.
SentinelOne, in a new report shared with The Hacker News, said the malware has been observed masquerading as the cross‑platform SSH client and server‑management tool Termius in late May 2025.
"ZuRu malware continues to prey on macOS users seeking legitimate business tools, adapting its loader and C2 techniques to backdoor its targets," researchers Phil Stokes and Dinesh Devadoss said.
ZuRu was first documented in September 2021 by a user on Chinese question-and-answer website Zhihu as part of a malicious campaign that hijacked searches for iTerm2, a legitimate macOS Terminal app, to direct users to fake sites that tricked unsuspecting users into downloading the malware.
Then in January 2024, Jamf Threat Labs said it discovered a piece of malware distributed via pirated macOS apps that s...