Mac Users Targeted by Trojanized iTerm2 App
We go into more detail about a fake version of the iTerm2 app that downloads and runs malware, detected by Trend Micro as TrojanSpy.Python.ZURU.A, which collects private data from a victim’s machine.
Earlier this month, a user on Chinese question-and-answer website Zhihu reported that a search engine result for the keyword “iTerm2” led to a fake website called item2.net that mimics the legitimate iterm2.com (Figure 1). A fake version of the iTerm2 app, a macOS terminal emulator, can be downloaded from a link found in iterm2.net. When this app is
Read the article