ZuRu

Summary
A series of trojanized applications
Class
Trojan
Class Summary
A Trojan is malware that masquerades as a legitimate program. Once executed, it can perform harmful activities such as creating backdoors for unauthorized access, modifying or deleting files, or downloading additional malware. Trojans commonly spread through software downloads or through social engineering via malicious email attachments. They are often focused on espionage rather than monetary gain, though the two can overlap depending on attacker objectives. They generally combine several capabilities, such as remote shells, keyloggers, infostealers and more.
Description

The ZuRu malware is distributed via various pirated applications. It is known for embedding a dylib that goes on to download further malicious payloads. These payloads are sometimes scripts, but the final payload is often a tool the attacker can use to steal sensitive information from a victim's system.

Example Hashes
  • 99395781fde01321306afeb7d8636af8d4a2631f
  • a2651c95ed756d07fd204785072c951376010bd8
  • 4a6861e5c3dff291c16f3f27906f59b4cd6c2076