4/30/2023

Snailsvn mac free download

The real iTerm2 site is hosted at , which appeared as the second result in the Baidu search. The malicious site that linked to the Trojan disk image used a very similar domain: iterm2net. Baidu has reportedly removed the fraudulent link from its search results.

Researchers later found several other disk images infected with OSX/ZuRu, disguised as other Mac software including Microsoft Remote Desktop, Navicat, SecureCRT, and also reportedly SnailSVN.

What does OSX/ZuRu do to an infected Mac?

If a user is tricked into running the Trojan horse, OSX/ZuRu downloads and runs a Python script that collects various information from an infected Mac, including but not limited to:

the user’s bash and zsh Terminal command history.

Many of these files could contain highly sensitive information such as passwords and private keys. The malware then attempts to exfiltrate a zip archive of this data to the server from which the Python script was downloaded.

How can one remove or prevent OSX/ZuRu and other threats?

An outbound firewall, such as Intego NetBarrier X9, can block malware from exfiltrating data from your Mac.

Related: Do Macs need antivirus software?

Given that Apple’s threat mitigation features such as notarization, Gatekeeper, XProtect, and MRT do not block many types of threats, it is evident that Apple’s own macOS protection methods are insufficient by themselves. Intego VirusBarrier X9, included with Intego’s Mac Premium Bundle X9, can protect against, detect, and eliminate OSX/ZuRu malware. VirusBarrier is designed by Mac security experts, and it protects against a much wider variety of malware than Apple’s mitigation methods.

If you believe your Mac may have been infected, or to prevent future infections, it’s best to use antivirus software from a trusted Mac developer that includes real-time scanning, such as Intego VirusBarrier X9, which also protects Macs from M1-native malware, cross-platform malware, and more. Intego recently earned a 100% detection rating for Mac malware in two independent tests conducted by AV-Comparatives and AV-TEST.

Note: Intego customers running VirusBarrier X8, X7, or X6 on older versions of Mac OS X are also protected from these threats. It is best to upgrade to the latest versions of VirusBarrier and macOS, if possible, to ensure your Mac gets all the latest security updates from Apple.

Indicators of compromise (IoCs)

Following are some specific ways to identify whether a Mac may have been infected by OSX/ZuRu.

Apple has since revoked the Developer ID that was used for signing this malware. The developer name and Team ID of the revoked dev account is: Jun Bi (AQPZ6F3ASY)

The following SHA-256 file hashes belong to known OSX/ZuRu files associated with this malware campaign.
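The Team ID above is one of the few IoCs that survives in this copy of the article, and it is something a defender can check on any suspicious app bundle with Apple's own codesign tool. The script below is an added example and is not code from the article or from Intego: it parses the key=value lines that `codesign -dvv` prints and flags a bundle whose TeamIdentifier matches a revoked account. Only the signer name and Team ID (Jun Bi, AQPZ6F3ASY) come from the article; the sample codesign output, the file paths and the second Team ID ABCDE12345 are constructed for the demonstration.

```python
"""Flag macOS code signed with a Developer ID account that Apple has revoked.

Added example, not part of the original article. Parses `codesign -dvv`
output (which codesign writes to stderr) and checks the TeamIdentifier
against a list of known-revoked Team IDs.
"""
import re
import subprocess
import sys
from typing import Dict, List, Optional, Tuple, Union

# Team IDs of revoked Developer ID accounts. AQPZ6F3ASY is the one the
# article names for OSX/ZuRu; extend this from your own threat intel.
REVOKED_TEAM_IDS = {"AQPZ6F3ASY"}

# codesign -dvv prints one "Key=value" pair per line; some keys contain
# spaces or dots ("Sealed Resources version", "Info.plist entries").
_KV = re.compile(r"^([A-Za-z .]+?)=(.*)$")
# Leaf certificate line, e.g. "Developer ID Application: Jun Bi (AQPZ6F3ASY)"
_LEAF = re.compile(r"^Developer ID Application: (.+) \(([A-Z0-9]{10})\)$")


def parse_codesign(output: str) -> Dict[str, Union[str, List[str]]]:
    """Turn codesign -dvv text into a dict.

    "Authority" appears once per certificate in the chain (leaf first),
    so its values are collected into a list; every other key is a string.
    """
    info: Dict[str, Union[str, List[str]]] = {}
    for line in output.splitlines():
        m = _KV.match(line.strip())
        if not m:
            continue  # e.g. "…: code object is not signed at all"
        key, value = m.group(1), m.group(2).strip()
        if key == "Authority":
            info.setdefault("Authority", []).append(value)  # type: ignore[union-attr]
        else:
            info[key] = value
    return info


def signer_identity(info: Dict[str, Union[str, List[str]]]) -> Optional[Tuple[str, str]]:
    """Return (developer name, Team ID) from the leaf Developer ID certificate."""
    chain = info.get("Authority")
    if not chain:
        return None
    m = _LEAF.match(chain[0])
    return (m.group(1), m.group(2)) if m else None


def assess_signature(output: str) -> Tuple[str, Optional[str]]:
    """Classify codesign output as unsigned, adhoc, revoked or ok.

    Returns (verdict, team_id). A verdict of "revoked" means the code was
    signed by an account Apple has pulled; treat it as hostile.
    """
    if "not signed" in output:
        return ("unsigned", None)
    info = parse_codesign(output)
    team = info.get("TeamIdentifier")
    if not info or team in (None, "not set"):
        # Ad-hoc signatures carry "Signature=adhoc" and no Team ID.
        return ("adhoc", None)
    if team in REVOKED_TEAM_IDS:
        return ("revoked", team)  # type: ignore[return-value]
    return ("ok", team)  # type: ignore[return-value]


def codesign_output(path: str) -> str:
    """Run codesign on a real path (macOS only) and return its stderr text."""
    proc = subprocess.run(["codesign", "-dvv", path], capture_output=True, text=True)
    return proc.stderr


# Constructed sample outputs (paths and the second Team ID are made up).
SAMPLE_REVOKED = """\
Executable=/Volumes/constructed/Example.app/Contents/MacOS/Example
Identifier=com.example.constructed
Format=app bundle with Mach-O thin (x86_64)
Authority=Developer ID Application: Jun Bi (AQPZ6F3ASY)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=AQPZ6F3ASY
"""
SAMPLE_OK = """\
Executable=/Applications/constructed/Other.app/Contents/MacOS/Other
Authority=Developer ID Application: Example Vendor (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
"""
SAMPLE_ADHOC = "Executable=/tmp/constructed/tool\nSignature=adhoc\nTeamIdentifier=not set\n"
SAMPLE_UNSIGNED = "/tmp/constructed/tool: code object is not signed at all\n"

if __name__ == "__main__":
    # Usage: python3 check_teamid.py /path/to/App.app [...]
    for p in sys.argv[1:]:
        print(p, assess_signature(codesign_output(p)))
```

Run it against every app extracted from a suspicious disk image; a "revoked" verdict is a strong signal, but "ok" only means the signer is not on your revoked list, so it is a triage step, not a clean bill of health.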