The latest Mac malware is in the wild, and the new “OSX.ZuRu” software appears to spread via infected apps from sponsored search results:
The legitimate and the malicious iTerm2 application bundles contain a massive number of files, including several Mach-O binaries. Moreover, the malicious version appears largely benign (as is the case with most applications that have been surreptitiously trojanized). As such, it takes us a minute to uncover the malicious component.
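As an added illustration (not code from Objective-See or from this post), one way a defender could narrow down which Mach-O files differ between a known-good app bundle and a suspect copy is to hash every Mach-O in both and compare. The bundle and file names in the demo are constructed placeholders.

```python
import hashlib, os, struct, sys, tempfile

# Mach-O magics as read big-endian: thin 32/64-bit in both byte orders, plus fat.
# 0xCAFEBABE is shared with Java class files, so treat hits as candidates.
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE, 0xCAFEBABE, 0xBEBAFECA}

def is_macho(path):
    """True if the file starts with a Mach-O or fat-binary magic number."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return False
    return len(head) == 4 and struct.unpack(">I", head)[0] in MACHO_MAGICS

def macho_inventory(bundle):
    """Map bundle-relative path -> SHA-256 for each Mach-O file in the bundle."""
    found = {}
    for root, _dirs, files in os.walk(bundle):
        for name in files:
            full = os.path.join(root, name)
            if os.path.islink(full) or not is_macho(full):
                continue
            with open(full, "rb") as fh:
                found[os.path.relpath(full, bundle)] = hashlib.sha256(fh.read()).hexdigest()
    return found

def diff_bundles(reference, suspect):
    """Report Mach-O files added to, removed from, or changed in the suspect."""
    ref, sus = macho_inventory(reference), macho_inventory(suspect)
    return {
        "added": sorted(set(sus) - set(ref)),
        "removed": sorted(set(ref) - set(sus)),
        "changed": sorted(p for p in set(ref) & set(sus) if ref[p] != sus[p]),
    }

def demo():
    """Constructed sample: two tiny fake bundles, the suspect has one extra dylib."""
    with tempfile.TemporaryDirectory() as tmp:
        for bundle, extra in (("good.app", []), ("suspect.app", ["libplaceholder.dylib"])):
            base = os.path.join(tmp, bundle, "Contents", "MacOS")
            os.makedirs(base)
            for name in ["main"] + extra:
                with open(os.path.join(base, name), "wb") as fh:
                    fh.write(b"\xcf\xfa\xed\xfe" + name.encode())
        return diff_bundles(os.path.join(tmp, "good.app"), os.path.join(tmp, "suspect.app"))

if __name__ == "__main__":
    print(diff_bundles(*sys.argv[1:3]) if len(sys.argv) == 3 else demo())
```

Files listed under "added" or "changed" are the ones to inspect first; a differing hash alone only shows the file is not identical to the reference copy.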
As always, please be careful with what you download and install on your Mac, and if it seems sponsored and too good to be true, it just might be.
Via The Mac Observer and Objective-See