New Stealthy "RustDoor" Backdoor Targeting Apple macOS Devices

13.02.2024

 

Since November 2023, a new backdoor targeting Apple macOS users, named RustDoor by Bitdefender, has been operating discreetly. This Rust-based malware disguises itself as a Microsoft Visual Studio update and is capable of affecting both Intel and Arm architectures.

Although the initial access pathway remains unknown, the malware is distributed as FAT binaries containing Mach-O files. The existence of multiple variants with minor modifications suggests ongoing development, with the earliest sample dating back to November 2, 2023.

RustDoor boasts an array of commands enabling file gathering, uploading, and information harvesting from compromised endpoints. Some versions include configurations specifying the data to collect, targeted file extensions and directories, as well as directories to exclude. The exfiltration of captured information occurs through a command-and-control (C2) server.

Bitdefender, the Romanian cybersecurity firm, suggests a potential link between RustDoor and prominent ransomware families like Black Basta and BlackCat due to shared characteristics in C2 infrastructure.

Security researcher Andrei Lapusneau notes that ALPHV/BlackCat, a ransomware family also written in Rust, emerged in November 2021 and introduced the public leaks business model. In December 2023, the U.S. government announced the takedown of the BlackCat ransomware operation, providing a decryption tool for over 500 victims affected by the malware to regain access to their locked files.

Other news

Carbanak Banking Malware Resurfaces with New Ransomware Tactics – 26.12.2023

The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics.

Read More

Cloudflare Breach: Nation-State Hackers Access Source Code and Internal Docs

Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code.

Read More
en_USEnglish