A new malware has been found targeting macOS users and spreading as an update for a legitimate program, as it looks to steal people’s sensitive data, establish persistence on the vulnerable device and, ultimately, deploy ransomware.
Cybersecurity researchers Bitdefender recently discovered the campaign, called RustDoor, and found it was built on the Rust programming language, granting its operators a number of possibilities, including listing running processes, executing arbitrary shell commands, creating new directories, changing and removing existing ones, exfiltrating files, terminating other malware processes, and more.
It has been active since at least November 2023 and currently has multiple variants out there, suggesting active development.
BlackCat strikes again. Or does it?
The operators, whose identity has not yet been definitely confirmed, have been distributing the malware as an updater for Visual Studio for Mac – Microsoft’s integrated development environment (IDE) for macOS. The platform, the media are saying, is approaching end-of-life on August 31 this year. The malware is delivered under many names, such as ‘zshrc2,’ ‘Previewers,’ ‘VisualStudioUpdater,’ ‘VisualStudioUpdater_Patch,’ ‘VisualStudioUpdating,’ ‘visualstudioupdate,’ and ‘DO_NOT_RUN_ChromeUpdates’, Bitdefender says. This distribution method helps the malware stay under the radar of most cybersecurity solutions and researchers out there.
While it is capable of maintaining persistence and exfiltrating sensitive files from the target devices, the most disruptive activity is still ransomware deployment. Bitdefender’s researchers are saying that the infrastructure used in these attacks is often used by affiliates of BlackCat (AKA ALHPV), but it is also used by other threat actors as well, so it’s difficult to confirm the attackers’ identity just yet.
It seems that cyberattacks against macOS users have intensified this year. So far, we’ve already had multiple reports, including one from SentinelOne which states that Apple can’t keep up with the pace at which hackers are developing macOS malware.