A new malware strain has been found targeting macOS users and spreading disguised as an update to a legitimate program. It seeks to steal victims' sensitive data, establish persistence on the compromised device, and ultimately deploy ransomware.
Cybersecurity researchers at Bitdefender recently discovered the campaign, called RustDoor, and found that the malware was built in the Rust programming language. It gives its operators a range of capabilities, including listing running processes, executing arbitrary shell commands, creating new directories, changing and deleting existing ones, exfiltrating files, terminating other malware processes and more.
It has been active since at least November 2023 and currently has multiple variants, suggesting active development.
BlackCat attacks again. Or not?
The operators, whose identity has not yet been definitively confirmed, distribute the malware as an update for Visual Studio for Mac, Microsoft's integrated development environment (IDE) for macOS. According to press reports, the platform will reach end of life on August 31 of this year. The malware is delivered under many names, such as 'zshrc2', 'Previewers', 'VisualStudioUpdater', 'VisualStudioUpdater_Patch', 'VisualStudioUpdating', 'visualstudioupdate' and 'DO_NOT_RUN_ChromeUpdates', says Bitdefender. This distribution method helps the malware stay under the radar of most cybersecurity solutions and researchers.
While the malware is capable of maintaining persistence and exfiltrating sensitive files from target devices, its most disruptive activity remains the deployment of ransomware. Bitdefender researchers say that the infrastructure used in these attacks is often used by BlackCat (AKA ALPHV) affiliates, but it is also used by other threat actors, so the attackers' identity cannot yet be confirmed.
Cyberattacks against macOS users appear to have intensified this year. So far, several reports have already been published, including one from SentinelOne claiming that Apple cannot keep up with the pace at which attackers are developing malware for macOS.
Via BleepingComputer