Security researchers have uncovered a new, sophisticated backdoor targeting macOS, dubbed RustDoor (also detected as Trojan.MAC.RustDoor). Active since November 2023, the malware, identified by Bitdefender, is distributed under the guise of a Microsoft Visual Studio update and poses a serious risk to users on both Intel and ARM Macs.
Details
Name | RustDoor a.k.a. Trojan.MAC.RustDoor
Type | Backdoor, Trojan, Mac Malware
Removal Time | Approximately 15 minutes
A Look into RustDoor macOS Backdoor
RustDoor's distribution method is not yet fully understood, although initial findings suggest it is delivered as FAT (universal) binaries containing Mach-O files. More concerning is the detection of multiple variants of the malware, which points to ongoing development. The earliest known sample dates back to November 2, 2023, indicating the threat has been active for some time.
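As an added, defender-side illustration of the fat-binary packaging mentioned above (this is example code, not code from the Bitdefender report or from the malware): a small Python parser that lists the architecture slices of a universal binary and checks that each slice begins with a 64-bit Mach-O header, which is a useful first triage step when inventorying suspicious binaries. The sample binary it parses is constructed inline; the magic values and cputype constants are Apple's public ones.

```python
import struct

FAT_MAGIC = 0xCAFEBABE            # fat/universal header magic, always big-endian on disk
MH_MAGIC_64 = 0xFEEDFACF          # 64-bit Mach-O magic, native byte order (little-endian here)
CPU_TYPES = {0x01000007: "x86_64", 0x0100000C: "arm64"}   # CPU_TYPE_X86_64, CPU_TYPE_ARM64


def parse_fat_binary(data: bytes) -> list:
    """Return one record per embedded slice, or [] if data is not a fat binary."""
    if len(data) < 8 or struct.unpack(">I", data[:4])[0] != FAT_MAGIC:
        return []                                  # thin Mach-O or unrelated file
    nfat_arch = struct.unpack(">I", data[4:8])[0]
    slices = []
    for i in range(nfat_arch):
        off = 8 + i * 20                           # fat_arch entries are 20 bytes each
        if off + 20 > len(data):
            break                                  # truncated header: stop rather than crash
        cputype, _subtype, offset, size, _align = struct.unpack(">iiIII", data[off:off + 20])
        slice_magic = None
        if offset + 4 <= len(data):
            slice_magic = struct.unpack("<I", data[offset:offset + 4])[0]
        slices.append({
            "arch": CPU_TYPES.get(cputype, hex(cputype)),
            "offset": offset,
            "size": size,
            "is_macho64": slice_magic == MH_MAGIC_64,   # False flags an odd/corrupt slice
        })
    return slices


def build_sample_fat() -> bytes:
    """Constructed two-slice fat binary (x86_64 + arm64) with minimal 64-bit Mach-O headers."""
    def macho64_header(cputype: int) -> bytes:
        # magic, cputype, cpusubtype, filetype (MH_EXECUTE=2), ncmds, sizeofcmds, flags, reserved
        return struct.pack("<IiiIIIII", MH_MAGIC_64, cputype, 3, 2, 0, 0, 0, 0)
    x86, arm = macho64_header(0x01000007), macho64_header(0x0100000C)
    off_x86, off_arm = 0x1000, 0x2000              # page-aligned slice offsets, as the linker emits
    data = bytearray(off_arm + len(arm))
    struct.pack_into(">II", data, 0, FAT_MAGIC, 2)
    struct.pack_into(">iiIII", data, 8, 0x01000007, 3, off_x86, len(x86), 12)
    struct.pack_into(">iiIII", data, 28, 0x0100000C, 0, off_arm, len(arm), 14)
    data[off_x86:off_x86 + len(x86)] = x86
    data[off_arm:off_arm + len(arm)] = arm
    return bytes(data)


if __name__ == "__main__":
    for s in parse_fat_binary(build_sample_fat()):
        print(s)
```

To run it against a real file, pass the file's bytes to parse_fat_binary; a thin Mach-O returns an empty list, a universal binary returns one entry per architecture.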
Equipped with a diverse set of commands, RustDoor enables threat actors to harvest sensitive data, upload files, and gather information about compromised systems. Some iterations of the malware carry customizable configurations specifying which data to collect, which file extensions to target, which directories to watch, and which directories to exclude. The collected data is then sent to a command-and-control (C2) server, indicating a coordinated cybercriminal operation.
Multiple RustDoor Versions Available
According to the report, this backdoor exists in several iterations; most samples share the same core functionality, with only minor differences between them.
The binaries are written in Rust, and analysis of them reveals the original source file names. Rust's syntax and semantics differ significantly from more conventional languages such as C or Python, which complicates the work of security researchers tasked with analyzing and identifying malicious code. That complexity gives malware authors a strategic advantage, helping them evade detection and in-depth analysis.
Bitdefender suggests a possible connection between RustDoor and notorious ransomware families such as Black Basta and BlackCat, citing similarities in C2 infrastructure. Notably, BlackCat, which is also written in Rust and is credited with pioneering the public-leaks business model, has been infamous since its emergence in November 2021. In December 2023 the U.S. government disrupted the BlackCat ransomware operation and offered a decryption tool to over 500 affected victims so they could regain access to their files.
Security researcher Andrei Lapusneanu underlined the evolving landscape of ransomware threats, emphasizing the need for heightened vigilance and robust cybersecurity measures among macOS users.