A new variant of macOS malware known as ZuRu is targeting Apple users by embedding malicious code and a hacking tool into popular utilities used for remote connections and server management, cybersecurity researchers have warned.
First discovered in 2021, ZuRu has evolved over time and can now infect more apps and in new ways, cybersecurity firm SentinelOne said in a July 10 alert. Notably, the latest strain only works on Macs running the Sonoma 14.1 operating system, which Apple launched in October 2023, or Sequoia, its latest operating system.
Earlier versions of ZuRu were found hidden inside both pirated and legitimate copies of popular tools used by developers and IT professionals, such as SecureCRT, Navicat, and Microsoft Remote Desktop for Mac. Most recently, the malware was found in a trojanized version of Termius, an app used for managing remote servers and secure network connections….