Apple macOS users are the target of a new Rust-based backdoor that has been operating under the radar since November 2023.
The backdoor has been named RustDoor by Bitdefender, which impersonates an update to Microsoft Visual Studio and targets both Intel and Arm architectures.
The exact initial access path used to disseminate the implant is not currently known, although it is said to be distributed as FAT binaries containing Mac-O files.
Several variants of the malware with minor modifications have been detected to date, possibly indicating active development. The earliest sample of Rustdoor is dated November 2, 2023.
It comes with a wide range of commands that allow it to collect and upload files and obtain information about the compromised endpoint.
Some versions also include configuration with details on what data to collect, a list of targeted extensions and directories, and directories to exclude.
The captured information is then sent to a command-and-control (C2) server.
The Romanian cybersecurity firm said the malware is likely linked to major ransomware families such as BlackBasta and BlackCat due to overlap in C2 infrastructure.
“ALPHV/BlackCat is a ransomware family (also written in Rust) that first appeared in November 2021 and pioneered the public leak business model,” said security researcher Andrei Lapusneau.
In December 2023, the US government announced that it had removed the BlackCat ransomware operation and released a decryption tool that more than 500 affected victims could use to regain access to files locked by the malware.
1 comment