New Threat to macOS Users: the RustDoor Backdoor

Users of Apple’s macOS system are now targeted by a new backdoor based on the Rust programming language, which has been operating unnoticed since November 2023.

Given the codename RustDoor by Bitdefender, this backdoor disguises itself as an update for Microsoft Visual Studio and works on Intel and Arm architectures.

The initial access vector used to spread this backdoor is currently unknown, although it is distributed as FAT binaries containing Mach-O files.
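As an added illustration (not code from Bitdefender or from this article), a triage sketch that reads a FAT (universal) header and lists the architecture slices a file carries, which is how a defender can confirm that a supposed update ships Mach-O code for both Intel and Arm. The function names and the sample bytes are constructed for this example.

```python
import struct

FAT_MAGIC = 0xCAFEBABE      # fat header with 32-bit offsets (big-endian on disk)
FAT_MAGIC_64 = 0xCAFEBABF   # fat header with 64-bit offsets
CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64", 7: "i386", 12: "arm"}
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf",
                b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe"}

def fat_slices(data):
    """Return [(arch, offset, size, is_macho)] for a universal binary, else []."""
    if len(data) < 8:
        return []
    magic, nfat = struct.unpack_from(">II", data, 0)
    # Java class files share 0xCAFEBABE; their next 32-bit word holds the class
    # version (45 or higher), so a count that large is treated as "not fat".
    if magic not in (FAT_MAGIC, FAT_MAGIC_64) or not 0 < nfat < 45:
        return []
    fmt = ">IIIII" if magic == FAT_MAGIC else ">IIQQII"
    step = struct.calcsize(fmt)
    slices = []
    for i in range(nfat):
        pos = 8 + i * step
        if pos + step > len(data):
            break  # truncated header: report only the entries that parsed
        cputype, _sub, offset, size = struct.unpack_from(fmt, data, pos)[:4]
        # A slice counts as Mach-O only if it lies inside the file and
        # starts with one of the Mach-O magic values.
        in_bounds = offset + size <= len(data)
        is_macho = in_bounds and data[offset:offset + 4] in MACHO_MAGICS
        slices.append((CPU_NAMES.get(cputype, hex(cputype)), offset, size, is_macho))
    return slices

def build_sample():
    """Constructed sample: fat header plus two stub slices (magic and padding only)."""
    body = b"\xcf\xfa\xed\xfe" + b"\x00" * 28      # 64-bit little-endian Mach-O magic
    header = struct.pack(">II", FAT_MAGIC, 2)
    header += struct.pack(">IIIII", 0x01000007, 3, 64, len(body), 0)  # x86_64
    header += struct.pack(">IIIII", 0x0100000C, 0, 96, len(body), 0)  # arm64
    return header.ljust(64, b"\x00") + body + body

if __name__ == "__main__":
    for name, offset, size, ok in fat_slices(build_sample()):
        print(f"{name:8} offset={offset} size={size} mach-o={ok}")
```
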

Several variants of this malware have been detected so far with minor modifications, indicating active development. The earliest instance of RustDoor dates back to November 2, 2023.

The backdoor supports a range of commands that enable it to collect and upload files, as well as gather information about the compromised device.

Some versions also include configurations specifying the details of collected data, target extensions and directories, as well as directories to be excluded.

The retrieved information is then sent to a command and control (C2) server.

The Romanian cybersecurity company stated that this malware is likely associated with ransomware groups such as Black Basta and BlackCat, due to similarities in the C2 infrastructure.

“ALPHV/BlackCat is a ransomware family (also written in Rust) that first appeared in November 2021 and introduced a business model of publicly releasing stolen data,” said security researcher Andrei Lapusneanu.

In December 2023, the United States government announced the takedown of the BlackCat ransomware operation and released a decryption tool that over 500 affected victims can use to regain access to files locked by the malware.

The source of the article is from the blog lokale-komercyjne.pl