New stealthy “RustDoor” backdoor targets Apple macOS devices


Apple macOS users are being targeted by a new Rust-based backdoor that has been operating under the radar since November 2023.

The backdoor, codenamed RustDoor by Bitdefender, appears to mimic an update for Microsoft Visual Studio and targets both Intel and Arm architectures.

The exact initial access path used to distribute the implant is currently unknown, although it is said to be distributed as FAT binaries containing Mach-O files.
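For triage, the architecture slices of a FAT (universal) binary like the ones described above can be listed straight from its header. The Python below is an added example, not code from Bitdefender's report; the sample bytes are constructed, and the 30-slice cutoff is an assumed heuristic for telling fat headers apart from Java class files, which share the same magic number.

```python
import struct

FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF   # fat headers are big-endian on disk
# Thin Mach-O magics (32/64-bit), as seen when read big-endian from either byte order
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE}
CPU_NAMES = {0x00000007: "i386", 0x01000007: "x86_64",
             0x0000000C: "arm", 0x0100000C: "arm64"}
MAX_SLICES = 30   # assumed cutoff: Java class files also start with 0xCAFEBABE


def parse_fat(data):
    """List the architecture slices of a universal binary.

    Raises ValueError if the input is not a fat binary or is malformed.
    """
    if len(data) < 8:
        raise ValueError("too short for a fat header")
    magic, count = struct.unpack_from(">II", data, 0)
    if magic not in (FAT_MAGIC, FAT_MAGIC_64):
        raise ValueError("not a fat binary")
    if not 0 < count <= MAX_SLICES:
        raise ValueError("implausible slice count (Java class file?)")
    # fat_arch: cputype, cpusubtype, offset, size, align (fat_arch_64 widens two)
    fmt = ">IIIII" if magic == FAT_MAGIC else ">IIQQII"
    entry = struct.calcsize(fmt)
    slices = []
    for i in range(count):
        pos = 8 + i * entry
        if pos + entry > len(data):
            raise ValueError("truncated architecture table")
        cputype, _sub, offset, size = struct.unpack_from(fmt, data, pos)[:4]
        if size < 4 or offset + size > len(data):
            raise ValueError("slice %d is empty or lies outside the file" % i)
        inner = struct.unpack_from(">I", data, offset)[0]
        slices.append({"arch": CPU_NAMES.get(cputype, hex(cputype)),
                       "offset": offset, "size": size,
                       "macho": inner in MACHO_MAGICS})
    return slices


def build_sample():
    """Constructed sample: fat header plus two stub slices (magic bytes only)."""
    stub = struct.pack("<I", 0xFEEDFACF).ljust(32, b"\x00")
    table = struct.pack(">II", FAT_MAGIC, 2)
    table += struct.pack(">IIIII", 0x01000007, 3, 64, len(stub), 5)
    table += struct.pack(">IIIII", 0x0100000C, 0, 96, len(stub), 5)
    return table.ljust(64, b"\x00") + stub + stub


if __name__ == "__main__":
    for s in parse_fat(build_sample()):
        print(s)
```

A slice whose `macho` field is false, or an architecture table that points outside the file, is worth a closer look before the sample goes to further analysis.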

So far, multiple variants of the malware with minor changes have been detected, likely indicating active development. The earliest copy of RustDoor dates from November 2, 2023.

It comes with a wide range of commands that allow it to collect and upload files, as well as gather information about the compromised endpoint.

Some versions also include configurations detailing what data to collect, the list of targeted extensions and folders, and the folders to exclude.

The captured information is then exfiltrated to a command-and-control (C2) server.

The Romanian cybersecurity company said the malware is likely linked to prominent ransomware families such as Black Basta and BlackCat due to overlaps in the C2 infrastructure.

“ALPHV/BlackCat is a ransomware family (also written in Rust), which first appeared in November 2021, and has pioneered the public leak business model,” said security researcher Andrei Lapusneanu.

In December 2023, the US government announced that it had shut down the BlackCat ransomware operation and released a decryption tool that more than 500 affected victims can use to regain access to files locked by the malware.
