Apple macOS users are the target of a new Rust-based backdoor that has been operating under the radar since November 2023.
The backdoor has been named RustDoor by Bitdefender, which impersonates an update to Microsoft Visual Studio and targets both Intel and Arm architectures.
The exact initial access path used to disseminate the implant is not currently known, although it is said to be distributed as FAT binaries containing Mac-O files.
Several variants of the malware with minor modifications have been detected to date, possibly indicating active development. The earliest sample of Rustdoor is dated November 2, 2023.
It comes with a wide range of commands that allow it to collect and upload files and obtain information about the compromised endpoint.
Some versions also include configuration with details on what data to collect, a list of targeted extensions and directories, and directories to exclude.
The captured information is then sent to a command-and-control (C2) server.
The Romanian cybersecurity firm said the malware is likely linked to major ransomware families such as BlackBasta and BlackCat due to overlap in C2 infrastructure.
“ALPHV/BlackCat is a ransomware family (also written in Rust) that first appeared in November 2021 and pioneered the public leak business model,” said security researcher Andrei Lapusneau.
In December 2023, the US government announced that it had removed the BlackCat ransomware operation and released a decryption tool that more than 500 affected victims could use to regain access to files locked by the malware.
3 comments
Thank you for the auspicious writeup It in fact was a amusement account it Look advanced to far added agreeable from you However how can we communicate
Usually I do not read article on blogs however I would like to say that this writeup very compelled me to take a look at and do so Your writing taste has been amazed me Thanks quite nice post
Somebody essentially lend a hand to make significantly articles Id state That is the very first time I frequented your website page and up to now I surprised with the research you made to make this actual submit amazing Wonderful task