Why macOS malware like ZuRu still works

A newly observed variant of ZuRu malware is once again targeting macOS users—this time by hiding inside a doctored version of a legitimate app, Termius. It’s the latest example of a growing trend: threat actors exploiting user trust to gain a foothold, even on devices often seen as more secure.

But as familiar as this tactic is, it continues to succeed.

macOS has a reputation for being more secure than Windows, and to some extent, that’s true.

AV-Test reported in 2023 that over 95% of new malware targets Windows, while macOS accounts for around 6–7%.

Native features like Gatekeeper, software notarization requirements, and SIP (System Integrity Protection) create real hurdles for malware authors. But they don’t make macOS immune. In fact, most macOS malware follows the usual delivery pattern: disguise malicious code inside an app that looks safe and trick the user into launching it.


Sarah Kinbar

When it comes to writing, I do it for love.
