
Attention: Sneaky RustDoor Threat Aiming for Apple macOS Devices


TLDR:

– A new stealthy backdoor called RustDoor has been targeting Apple macOS devices since November 2023.
– The backdoor impersonates an update for Microsoft Visual Studio and targets both Intel and Arm architectures.

Romanian cybersecurity firm Bitdefender has discovered a new backdoor called RustDoor that has been targeting Apple macOS devices since November 2023. The backdoor is disguised as an update for Microsoft Visual Studio and targets both Intel and Arm Macs: it is distributed as universal (FAT) binaries, each bundling a separate Mach-O slice for x86_64 and arm64 so that the same file runs natively on either architecture. The initial access pathway used to deliver the implant is not known. Multiple variants of the malware have been detected, which suggests ongoing development.
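Because the implant ships as a universal binary, the first triage step on a suspicious "update" is to see what architecture slices it actually carries (on macOS, `file` and `lipo -archs` do this). The following Python parser is an added example written for this article; it is not Bitdefender's tooling or anything from the malware. It walks the `fat_header`/`fat_arch` table as laid out in Apple's `<mach-o/fat.h>`, peeks at the Mach-O header inside each slice, and flags two things a quick look would miss: a slice whose embedded `cputype` disagrees with its `fat_arch` entry, and a 0xCAFEBABE file that is really a Java class file rather than a FAT binary. The two-slice sample it builds is constructed inline (structurally valid headers with no load commands, not executable code); the 32-slice sanity cap is an assumption borrowed from the heuristic `file` uses.

```python
"""Enumerate the architecture slices of a macOS universal ("FAT") binary.

Added example, not the article's or Bitdefender's code. Layout follows Apple's
<mach-o/fat.h> and <mach-o/loader.h>; the sample built by build_sample_fat()
is constructed here and contains only headers, no real machine code.
"""
import struct
import sys
from dataclasses import dataclass
from typing import List, Optional, Tuple

FAT_MAGIC = 0xCAFEBABE     # fat_header magic, always big-endian on disk
FAT_MAGIC_64 = 0xCAFEBABF  # same, but with 32-byte fat_arch_64 entries
MH_MAGIC = 0xFEEDFACE      # 32-bit Mach-O header magic (host byte order)
MH_MAGIC_64 = 0xFEEDFACF   # 64-bit Mach-O header magic (host byte order)

CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {0x7: "i386", CPU_TYPE_X86_64: "x86_64", 0xC: "arm", CPU_TYPE_ARM64: "arm64"}
FILETYPES = {1: "MH_OBJECT", 2: "MH_EXECUTE", 6: "MH_DYLIB", 8: "MH_BUNDLE"}


@dataclass
class Slice:
    arch: str         # architecture named by the fat_arch entry
    offset: int       # byte offset of the slice in the file
    size: int
    filetype: str     # taken from the Mach-O header inside the slice
    consistent: bool  # fat_arch cputype matches the Mach-O header cputype


def parse_macho_header(blob: bytes) -> Optional[Tuple[int, int]]:
    """Return (cputype, filetype) from a Mach-O header, or None if blob is not Mach-O."""
    if len(blob) < 28:
        return None
    for end in ("<", ">"):  # the magic value reveals the byte order of the header
        magic, cputype, _cpusubtype, filetype = struct.unpack_from(end + "4I", blob, 0)
        if magic in (MH_MAGIC, MH_MAGIC_64):
            return cputype, filetype
    return None


def parse_fat(data: bytes) -> List[Slice]:
    """Walk the fat_header/fat_arch table and describe every slice."""
    if len(data) < 8:
        raise ValueError("file too short for a fat_header")
    magic, nfat_arch = struct.unpack_from(">II", data, 0)
    if magic not in (FAT_MAGIC, FAT_MAGIC_64):
        raise ValueError("not a universal binary (bad fat_header magic)")
    # Java class files also start with 0xCAFEBABE; there the next word is the
    # class-file version and reads as an absurd slice count. Cap it (assumed heuristic).
    if not 0 < nfat_arch <= 32:
        raise ValueError(f"implausible nfat_arch {nfat_arch}: probably not a Mach-O FAT file")
    fmt, entry_size = (">IIIII", 20) if magic == FAT_MAGIC else (">IIQQII", 32)
    slices: List[Slice] = []
    for i in range(nfat_arch):
        entry_off = 8 + i * entry_size
        if entry_off + entry_size > len(data):
            raise ValueError("fat_arch table runs past end of file")
        cputype, _cpusubtype, sl_off, sl_size = struct.unpack_from(fmt, data, entry_off)[:4]
        if sl_off + sl_size > len(data):
            raise ValueError(f"slice {i} ({sl_off:#x}+{sl_size:#x}) extends past end of file")
        hdr = parse_macho_header(data[sl_off:sl_off + sl_size])
        if hdr is None:
            filetype, consistent = "not Mach-O", False
        else:
            filetype, consistent = FILETYPES.get(hdr[1], f"filetype {hdr[1]}"), hdr[0] == cputype
        arch = CPU_NAMES.get(cputype, f"cputype {cputype:#x}")
        slices.append(Slice(arch, sl_off, sl_size, filetype, consistent))
    return slices


def macho64_header(cputype: int, cpusubtype: int) -> bytes:
    """Minimal little-endian 64-bit Mach-O header: MH_EXECUTE, zero load commands."""
    # magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved
    return struct.pack("<8I", MH_MAGIC_64, cputype, cpusubtype, 2, 0, 0, 0, 0)


def build_sample_fat() -> bytes:
    """Constructed two-slice universal binary: x86_64 at 0x1000, arm64 at 0x4000."""
    x86 = macho64_header(CPU_TYPE_X86_64, 0x3)  # CPU_SUBTYPE_X86_64_ALL
    arm = macho64_header(CPU_TYPE_ARM64, 0x0)   # CPU_SUBTYPE_ARM64_ALL
    buf = bytearray(0x4000 + len(arm))
    struct.pack_into(">II", buf, 0, FAT_MAGIC, 2)
    struct.pack_into(">IIIII", buf, 8, CPU_TYPE_X86_64, 0x3, 0x1000, len(x86), 12)  # align = 2**12
    struct.pack_into(">IIIII", buf, 28, CPU_TYPE_ARM64, 0x0, 0x4000, len(arm), 14)  # align = 2**14
    buf[0x1000:0x1000 + len(x86)] = x86
    buf[0x4000:0x4000 + len(arm)] = arm
    return bytes(buf)


def describe(data: bytes) -> List[str]:
    """One human-readable line per slice, marking cputype mismatches."""
    return [f"{s.arch:7} {s.filetype:11} offset={s.offset:#x} size={s.size}"
            + ("" if s.consistent else "  ** fat_arch/Mach-O cputype mismatch **")
            for s in parse_fat(data)]


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_fat()
    print("\n".join(describe(data)))
```

Run it with a path to inspect a real file, or with no arguments to see the constructed sample. Note that enumerating slices says nothing about provenance: whether a "Visual Studio update" is genuine is a question for its code signature and notarization ticket, which this parser deliberately does not look at.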

The RustDoor backdoor supports a wide range of commands that let it gather and upload files and harvest information about the compromised endpoint. Some versions carry a configuration that specifies what data to collect: the list of targeted file extensions and directories, and the directories to exclude. The captured information is exfiltrated to a command-and-control (C2) server. Bitdefender suggests that RustDoor may be linked to the Black Basta and BlackCat (ALPHV) ransomware operations, because its C2 infrastructure overlaps with infrastructure previously seen in those campaigns.

In December 2023, the U.S. government disrupted the BlackCat ransomware operation and released a decryption tool that allowed more than 500 victims to regain access to their files. RustDoor and BlackCat are both written in Rust, but a shared programming language is weak evidence on its own; the suggested connection rests on the overlapping C2 infrastructure rather than on the choice of language.

The discovery of RustDoor highlights the ongoing threat to Apple macOS devices from sophisticated malware. Users should obtain updates only through the vendor's own channels (for Visual Studio, that means Microsoft), treat update prompts or installers that arrive from any other source as suspect, and keep their security software up to date.
