macOS users are the target of a newly identified backdoor reported by researchers at the security company Bitdefender. Dubbed Trojan.MAC.RustDoor, it poses as an update for Microsoft's Visual Studio Code but is in fact used to exfiltrate files from the victim's machine. The malware is written in Rust, a language increasingly adopted by malware authors because the resulting binaries are harder to reverse-engineer and less well covered by detection tooling built around C/C++ and scripted malware.
The campaign has been active since at least November of last year, and the backdoor went undetected for roughly three months. Once running, it can collect specific files or file types, archive them, and upload the archive to a command-and-control (C&C) server from which the operators retrieve it.
To get onto a machine, the malware poses as a Visual Studio Code update and ships under names such as 'VisualStudioUpdater', 'DO_NOT_RUN_ChromeUpdates' or 'zshrc2'. Builds exist for both Intel and Apple silicon (ARM) Macs. Once installed, the backdoor accepts operator commands including 'shell', 'cd', 'sleep', 'upload', 'taskkill' and 'dialog', which let the attackers run arbitrary commands, enumerate and upload files, and gather information about the infected device.
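A quick triage check a defender can run on a Mac, added here as an example (this is not Bitdefender's tooling nor code from the malware): it looks for files and running processes whose names contain the artifact names the article lists. The directory list is an assumption about where a user-level dropper typically writes; the substring matching also catches variants such as 'VisualStudioUpdater_Patch'. A name match alone is a low-confidence signal, so confirm any hit against the hashes and domains in Bitdefender's full indicator list before acting on it.

```python
import os
import re
import subprocess
from pathlib import Path

# Artifact names from the article; extend with the vendor's full IOC list as needed.
KNOWN_NAMES = (
    "VisualStudioUpdater",
    "DO_NOT_RUN_ChromeUpdates",
    "zshrc2",
)
# Case-insensitive substring match on a file or process basename, so that
# variants like "VisualStudioUpdater_Patch" are caught but ".zshrc" is not.
_NAME_RE = re.compile("|".join(re.escape(n) for n in KNOWN_NAMES), re.IGNORECASE)

# Assumed locations worth sweeping for a user-level dropper on macOS.
DEFAULT_DIRS = (
    Path.home(),
    Path.home() / "Library" / "LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/tmp"),
)


def match_names(basenames):
    """Return the sorted, de-duplicated basenames that contain a known artifact name."""
    return sorted({b for b in basenames if _NAME_RE.search(b)})


def scan_paths(paths):
    """Return the paths (as str) whose basename contains a known artifact name."""
    hits = []
    for p in paths:
        p = Path(p)
        if _NAME_RE.search(p.name):
            hits.append(str(p))
    return hits


def walk(dirs, max_depth=3):
    """Yield every file and directory under dirs up to max_depth, skipping unreadable entries."""
    for d in dirs:
        d = Path(d)
        if not d.is_dir():
            continue
        base_depth = len(d.parts)
        for root, subdirs, files in os.walk(d, onerror=lambda e: None):
            if len(Path(root).parts) - base_depth >= max_depth:
                subdirs[:] = []  # stop descending past max_depth
            for name in files + subdirs:
                yield Path(root) / name


def running_process_names():
    """Basename of each running process command, via `ps -axo comm=` (macOS/Linux)."""
    out = subprocess.run(["ps", "-axo", "comm="], capture_output=True,
                         text=True, check=False).stdout
    return [Path(line.strip()).name for line in out.splitlines() if line.strip()]


def hunt(dirs=DEFAULT_DIRS, processes=None):
    """Sweep dirs and the process list; `processes` may be supplied for offline testing."""
    procs = running_process_names() if processes is None else processes
    return {"files": scan_paths(walk(dirs)), "processes": match_names(procs)}


if __name__ == "__main__":
    result = hunt()
    for kind, hits in result.items():
        print(f"{kind}: {hits if hits else 'no matches'}")
```

Run it as the user whose home directory you want swept; a hit in `~/Library/LaunchAgents` or `/tmp` warrants pulling the binary for analysis rather than simply deleting it, since the command set above implies the operator may already have collected files.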
Bitdefender has not attributed the campaign to a known threat actor, but it notes overlaps with the ALPHV/BlackCat ransomware operation: both are written in Rust, and some of RustDoor's command-and-control servers have previously been associated with that group. For macOS users the practical takeaway is to install updates only through an application's own update mechanism or the vendor's site, and to treat any unsolicited 'updater' binary as suspect.