February 10, 2024 at 02:21AM
A new Rust-based macOS backdoor, codenamed RustDoor, has been targeting users since November 2023. It masquerades as an update for Microsoft Visual Studio and affects both Intel and Arm architectures. The malware can gather information and exfiltrate it to a command-and-control (C2) server, and overlaps in C2 infrastructure link it to prominent ransomware families. The U.S. government recently took down the BlackCat ransomware operation.
The main takeaways are:
– A new Rust-based backdoor, named RustDoor by Bitdefender, has been targeting Apple macOS users since November 2023.
– It impersonates an update for Microsoft Visual Studio and targets both Intel and Arm architectures.
– The initial access pathway used to propagate the implant is not currently known, but the implant is distributed as FAT binaries containing Mach-O files.
– Multiple variants of the malware have been detected, indicating active development since November 2, 2023.
– RustDoor comes with a range of commands for gathering and uploading files, harvesting information, and exfiltrating captured data to a command-and-control server.
– The malware is likely linked to ransomware families like Black Basta and BlackCat, as indicated by overlaps in C2 infrastructure.
– The US government announced the takedown of the BlackCat ransomware operation in December 2023 and released a decryption tool for affected victims.
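For triage of a file that claims to be an updater, the FAT (universal) container mentioned above can be inspected to see which architecture slices it carries and whether each one really starts with a Mach-O header. The following is an added example, not code from Bitdefender or from the original article; the function names, the slice-count bound and the sample bytes are constructed for illustration.

```python
import struct

FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF   # header is big-endian on disk
CPU_NAMES = {0x00000007: "i386", 0x01000007: "x86_64",
             0x0000000C: "arm", 0x0100000C: "arm64"}
# Mach-O magics as they appear when the first 4 bytes are read big-endian
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE}
MAX_SLICES = 16  # assumed sanity bound; Java .class files share 0xCAFEBABE

def list_slices(data: bytes) -> list:
    """Return one dict per architecture slice in a fat (universal) binary."""
    if len(data) < 8:
        raise ValueError("too short for a fat header")
    magic, count = struct.unpack_from(">II", data, 0)
    if magic not in (FAT_MAGIC, FAT_MAGIC_64):
        raise ValueError("not a fat binary")
    if not 0 < count <= MAX_SLICES:
        raise ValueError("implausible slice count")
    # fat_arch: cputype, cpusubtype, offset, size, align (fat_arch_64 widens offset/size)
    fmt = ">IIQQII" if magic == FAT_MAGIC_64 else ">IIIII"
    entry = struct.calcsize(fmt)
    if 8 + count * entry > len(data):
        raise ValueError("truncated architecture table")
    slices = []
    for i in range(count):
        cpu, _sub, off, size = struct.unpack_from(fmt, data, 8 + i * entry)[:4]
        in_bounds = size >= 4 and off + size <= len(data)
        inner = struct.unpack_from(">I", data, off)[0] if in_bounds else None
        slices.append({"arch": CPU_NAMES.get(cpu, hex(cpu)), "offset": off,
                       "size": size, "in_bounds": in_bounds,
                       "is_macho": inner in MACHO_MAGICS})
    return slices

def build_sample() -> bytes:
    """Constructed two-slice universal file: headers only, no real code."""
    macho = struct.pack("<I", 0xFEEDFACF) + b"\x00" * 28   # 64-bit LE Mach-O magic
    archs = [(0x01000007, 4096), (0x0100000C, 8192)]       # x86_64, arm64
    out = bytearray(struct.pack(">II", FAT_MAGIC, len(archs)))
    for cpu, off in archs:
        out += struct.pack(">IIIII", cpu, 0, off, len(macho), 12)
    for _cpu, off in archs:
        out += b"\x00" * (off - len(out)) + macho
    return bytes(out)

if __name__ == "__main__":
    for s in list_slices(build_sample()):
        print(s)
```

A slice that is out of bounds or does not begin with a Mach-O magic is reported rather than skipped, since a malformed container is itself worth flagging during analysis.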