New macOS Backdoor Linked to Prominent Ransomware Groups

February 9, 2024 at 04:09PM

Bitdefender reports the discovery of the macOS backdoor RustDoor, linked to ransomware families Black Basta and Alphv/BlackCat. The malware supports Intel and Arm architectures and has been undetected since November 2023. It harvests and exfiltrates files, generates victim IDs, and has variants with different functionalities, including impersonating applications.

From the meeting notes, we gather the following key points about the newly identified macOS backdoor, written in Rust and known as RustDoor:

1. It is linked to the ransomware families Black Basta and Alphv/BlackCat, as reported by cybersecurity firm Bitdefender.
2. RustDoor impersonates Visual Studio and supports both Intel and Arm architectures.
3. The malware has been circulating since November 2023 and remained undetected for approximately three months.
4. Bitdefender has identified several variants of RustDoor, all with the same backdoor functionality but minor variations.
5. The malware supports multiple commands for harvesting and exfiltrating files and for gathering details about the infected machine. That information is sent to a command-and-control (C&C) server, which generates a victim ID used in subsequent communication.
6. Specific details about the backdoor’s variants, including their functionalities and distinguishing characteristics, are highlighted in the meeting notes.
7. RustDoor’s configuration file contains options to impersonate different applications and customize a spoofed administrator password dialog.
8. The malware uses three C&C servers previously associated with Black Basta and Alphv/BlackCat ransomware campaigns.

Additionally, related malware threats targeting macOS users, such as RustBucket and Rust-Coded Hive Ransomware, as well as a new variant of Buer Malware Loader written in Rust, were mentioned in the meeting notes.