New Stealthy “RustDoor” Backdoor Targets Apple macOS Devices

Feb 10, 2024 | Newsroom | macOS Malware / Cyber Threats


Apple macOS users are the target of a new Rust-based backdoor that has been operating under the radar since November 2023.

The backdoor, codenamed RustDoor by Bitdefender, was found masquerading as an update for Microsoft Visual Studio and targets both Intel and Arm architectures.

The exact initial access path used to deploy the implant is currently unknown, although it is said to be distributed as FAT binaries that contain Mach-O files.
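For triage of a suspected sample, the container format mentioned above can be inspected directly. The following is an added example, not code from Bitdefender or the original article: it parses the universal (FAT) header and reports which architecture slices hold Mach-O files. The function names and the sample bytes are constructed for illustration.

```python
import struct

FAT_MAGIC = 0xCAFEBABE  # big-endian universal header (32-bit offsets only here)
MACHO_MAGICS = {b"\xcf\xfa\xed\xfe", b"\xce\xfa\xed\xfe"}  # little-endian 64/32-bit
CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64", 7: "i386", 12: "arm"}

def fat_slices(data: bytes):
    """Return [(arch, offset, size, is_macho)] for a FAT binary, else None."""
    if len(data) < 8:
        return None
    magic, count = struct.unpack(">II", data[:8])
    # Java class files share 0xCAFEBABE; their next word holds the class
    # version (major >= 45), so a small slice count tells the formats apart.
    if magic != FAT_MAGIC or not 0 < count < 45:
        return None
    if len(data) < 8 + 20 * count:  # truncated fat_arch table
        return None
    slices = []
    for i in range(count):
        cputype, _sub, offset, size, _align = struct.unpack_from(
            ">5I", data, 8 + 20 * i)
        in_bounds = offset + size <= len(data)
        is_macho = in_bounds and data[offset:offset + 4] in MACHO_MAGICS
        slices.append((CPU_NAMES.get(cputype, hex(cputype)), offset, size, is_macho))
    return slices

def constructed_sample() -> bytes:
    """Constructed two-slice file: headers and Mach-O magics only, no code."""
    header = struct.pack(">II", FAT_MAGIC, 2)
    header += struct.pack(">5I", 0x01000007, 3, 48, 4, 0)  # x86_64 slice
    header += struct.pack(">5I", 0x0100000C, 0, 52, 4, 0)  # arm64 slice
    return header + b"\xcf\xfa\xed\xfe" * 2

if __name__ == "__main__":
    for arch, offset, size, ok in fat_slices(constructed_sample()):
        print(f"{arch:8} offset={offset} size={size} mach-o={ok}")
```

A file whose slices cover both `x86_64` and `arm64` matches the dual-architecture packaging described for RustDoor, but the same layout is used by legitimate universal macOS applications, so this is a format check and not a detection on its own.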

Several variants of the malware with minor changes have been found so far, likely indicating active development. The earliest RustDoor sample dates to November 2, 2023.

It comes with a wide range of commands that allow it to collect and upload files, and harvest information about the compromised endpoint.


Some versions also include configurations with details about what data to collect, the list of target extensions and directories, and the directories to exclude.

The obtained information is then exfiltrated to the command-and-control (C2) server.

The Romanian cybersecurity firm said the malware is likely linked to prominent ransomware families such as Black Basta and BlackCat due to overlaps in the C2 infrastructure.

“ALPHV/BlackCat is a ransomware family (also written in Rust), which first appeared in November 2021, and that pioneered the business model of leaking to the public,” said security researcher Andrei Lapusneanu.

In December 2023, the US government announced that it had taken down the BlackCat ransomware operation and released a decryption tool that could be used by more than 500 affected victims to regain access to files locked by the malware.
