Feb 10, 2024 Newsroom
macOS Malware / Cyberthreat
A new Rust-based backdoor targeting Apple macOS users, dubbed RustDoor by Bitdefender, has been lurking undetected since November 2023. The backdoor poses as an update to Microsoft Visual Studio and supports both Intel and Arm Macs. The exact method used to distribute the installer remains unknown, but it is believed to be shipped as FAT (universal) binaries containing Mach-O files for both architectures. Multiple iterations of the malware with minor adjustments have been identified, suggesting it is under active development. The first version of RustDoor was observed on November 2, 2023. It supports a set of commands that let it gather and upload files and collect information about the compromised machine.
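A defender triaging a suspicious installer wants to know whether it really is a FAT (universal) binary carrying both Intel and Arm Mach-O slices, as the article describes. The following is an added example, not code from the article or from Bitdefender's analysis: it parses the FAT header, lists the embedded slices, and flags files that ship both architectures. The constant names, the slice-count sanity check and the constructed sample file are the example's own assumptions, not values taken from the RustDoor samples.

```python
import struct

FAT_MAGIC = 0xCAFEBABE             # FAT (universal) header magic, stored big-endian
MH_MAGIC_64 = b"\xcf\xfa\xed\xfe"  # 64-bit Mach-O magic as it appears on disk (little-endian)
CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64"}  # CPU_TYPE_X86_64, CPU_TYPE_ARM64

def parse_fat(data):
    """Parse a FAT header and return one dict per embedded slice ([] if not a FAT file)."""
    if len(data) < 8:
        return []
    magic, nfat = struct.unpack(">II", data[:8])
    # 0xCAFEBABE is also the Java class-file magic; a genuine FAT header has a small slice count
    if magic != FAT_MAGIC or nfat == 0 or nfat > 30:
        return []
    slices = []
    for i in range(nfat):
        off = 8 + i * 20
        if off + 20 > len(data):
            break  # truncated header: stop instead of reading past the buffer
        cputype, cpusubtype, offset, size, align = struct.unpack(">IIIII", data[off:off + 20])
        slices.append({
            "arch": CPU_NAMES.get(cputype, hex(cputype)),
            "offset": offset,
            "size": size,
            # the slice must lie inside the file and begin with a 64-bit Mach-O header
            "valid": offset + size <= len(data) and data[offset:offset + 4] == MH_MAGIC_64,
        })
    return slices

def targets_intel_and_arm(data):
    """True when the file carries valid x86_64 and arm64 slices, i.e. runs on both Mac types."""
    archs = {s["arch"] for s in parse_fat(data) if s["valid"]}
    return {"x86_64", "arm64"} <= archs

def build_sample():
    """Constructed sample (not a real malware file): a two-slice FAT binary with 16-byte slices."""
    hdr = struct.pack(">II", FAT_MAGIC, 2)
    hdr += struct.pack(">IIIII", 0x01000007, 3, 0x1000, 16, 12)  # x86_64 slice at 0x1000
    hdr += struct.pack(">IIIII", 0x0100000C, 0, 0x2000, 16, 12)  # arm64 slice at 0x2000
    buf = bytearray(0x2000 + 16)
    buf[:len(hdr)] = hdr
    buf[0x1000:0x1004] = MH_MAGIC_64
    buf[0x2000:0x2004] = MH_MAGIC_64
    return bytes(buf)

if __name__ == "__main__":
    sample = build_sample()
    for s in parse_fat(sample):
        print(s)
    print("ships Intel and Arm code:", targets_intel_and_arm(sample))
```

On a real file, replace `build_sample()` with the bytes read from disk; a single-architecture Mach-O (no FAT header) simply yields an empty slice list.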
Some variants also contain a configuration that outlines the data to be collected, a list of additional operations the backdoor can perform, and various selectable links. The gathered information is then transmitted to a command-and-control (C2) server. Bitdefender, the Romanian cybersecurity firm, suggests that the malware may have ties to well-known ransomware families such as Black Basta and BlackCat, based on overlaps in C2 infrastructure. Security researcher Andrei Lapusneanu noted, “ALPHV/BlackCat is a family of ransomware (re-written in Rust), which originally surfaced in November 2021 and launched a wave of illicit business activities.” In December 2023, the US government reported that it had neutralized the BlackCat ransomware and released a tool that more than 500 victims could use to regain access to files encrypted by the malware.