February 9, 2024 at 04:55PM
Researchers at Bitdefender have uncovered a new macOS backdoor, Trojan.MAC.RustDoor, which they link to the BlackCat/ALPHV ransomware operation known for targeting Windows. Written in Rust, the malware masquerades as an update for the Visual Studio Code editor. It has been active for at least three months, gathering files from victim machines and sending them to a command-and-control (C2) server. Its infrastructure overlaps with that used in previous ransomware campaigns.
Key Takeaways:
1. A new backdoor targeting macOS, known as Trojan.MAC.RustDoor, has been discovered by researchers at Bitdefender.
2. The backdoor is written in Rust and impersonates an update for the Visual Studio Code editor.
3. The malware has been active for at least three months and has multiple variants.
4. It collects files from the Desktop and Documents folders, compresses them into a ZIP archive, and exfiltrates the archive to a command-and-control (C2) server.
5. The researchers suspect a possible relationship between Trojan.MAC.RustDoor and the BlackBasta and ALPHV/BlackCat ransomware operators based on artifacts and indicators of compromise (IoCs) found.
6. Three out of the four C2 servers associated with Trojan.MAC.RustDoor have been linked to previous ransomware campaigns targeting Windows clients.
7. The BlackCat/ALPHV ransomware group has traditionally targeted Windows systems, including Microsoft Exchange servers, and its ransomware is also written in Rust.