A new Rust-based backdoor named RustDoor has been found targeting Apple macOS devices since November 2023. It impersonates an update for Microsoft Visual Studio and can target both Intel and Arm architectures. The malware comes with various commands to gather and upload files, harvest information, and exfiltrate data to a command-and-control server, with connections to ransomware families like Black Basta and BlackCat. The U.S. government recently took down the BlackCat ransomware operation and released a decryption tool for affected victims.
A new piece of Rust-based macOS malware, known as RustDoor, is being distributed as a fake Visual Studio update and provides backdoor access to compromised systems. The malware communicates with command-and-control servers linked to the ALPHV/BlackCat ransomware gang, potentially indicating a connection to ransomware operations. It is primarily distributed as an updater for Visual Studio for Mac and has gone undetected for at least three months. RustDoor can control compromised systems, exfiltrate data, and establish persistence by modifying system files, using commands such as shell execution, file manipulation, and process termination.