In a shocking revelation, macOS users have found that not everything in their App Store-adjacent lives is as safe as it seems. Enter ZuRu, the malware that proves once again why the universe gave us the term ‘Trojanized’—a word just as terrifying as it sounds. For those not in the know, it’s a lot like being handed a taco that secretly has a grenade inside, but for your computer.

Security researchers, who ironically spend more time on macOS than Microsoft Word will ever know, have unveiled this latest threat targeting unsuspecting developers. The threat is masquerading as Termius, an otherwise innocent SSH client and server-management tool. Because nothing says ‘stealth attack’ like transforming into a glorified terminal emulator.

Users are advised to trust only the apps they download directly from the App Store or their friend Dave who still swears by the ethical hacking lessons he picked up from YouTube. Meanwhile, rumors have surfaced that while Apple touts their security, even Siri now whispers, ‘You might want to double-check that download, friend.’