New “RustDoor” Backdoor Threatens Apple macOS Devices

A recent discovery has unveiled a new threat to Apple macOS users in the form of a stealthy backdoor known as RustDoor. This malicious software, which has been active since November 2023, poses as an update for Microsoft Visual Studio, targeting both Intel and Arm architectures.

RustDoor's initial access vector is not yet known; the samples seen so far are distributed as FAT (universal) binaries that bundle Mach-O executables for more than one architecture. Its creators have been continuously modifying the malware, and multiple variants have been detected so far. The earliest sample traces back to November 2, 2023, indicating ongoing development and refinement of the threat.
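A FAT binary is simply a big-endian header table pointing at one Mach-O slice per architecture, which is how a single file can serve both Intel and Arm Macs. The following Python triage helper, written for this page rather than taken from the article or from Bitdefender's analysis, parses that table, reports which architectures a file carries, and checks that each slice actually begins with a 64-bit Mach-O header. The sample bytes it builds are constructed in the script (two 16-byte stub slices, not a real executable), so it runs offline; the constants are the documented values from Apple's mach-o/fat.h and loader.h.

```python
import struct

FAT_MAGIC = 0xCAFEBABE          # universal (FAT) header, stored big-endian
MH_MAGIC_64 = 0xFEEDFACF        # 64-bit Mach-O magic, read in the slice's native (little-endian) order
CPU_TYPE_X86_64 = 0x01000007    # CPU_TYPE_X86 | CPU_ARCH_ABI64
CPU_TYPE_ARM64 = 0x0100000C     # CPU_TYPE_ARM | CPU_ARCH_ABI64
CPU_NAMES = {CPU_TYPE_X86_64: "x86_64", CPU_TYPE_ARM64: "arm64"}

FAT_HEADER = ">II"               # magic, nfat_arch
FAT_ARCH = ">IIIII"              # cputype, cpusubtype, offset, size, align


def parse_fat(data: bytes) -> list:
    """Return one dict per architecture slice in a FAT binary.

    Raises ValueError if the buffer is not a FAT binary or if the slice table
    points outside the file (a common sign of truncation or tampering).
    """
    if len(data) < struct.calcsize(FAT_HEADER):
        raise ValueError("too short for a fat_header")
    magic, nfat_arch = struct.unpack_from(FAT_HEADER, data, 0)
    if magic != FAT_MAGIC:
        raise ValueError("not a FAT binary (magic 0x%08x)" % magic)

    slices = []
    entry_size = struct.calcsize(FAT_ARCH)
    for i in range(nfat_arch):
        off = struct.calcsize(FAT_HEADER) + i * entry_size
        if off + entry_size > len(data):
            raise ValueError("fat_arch table truncated at entry %d" % i)
        cputype, cpusubtype, offset, size, align = struct.unpack_from(FAT_ARCH, data, off)
        if offset + size > len(data):
            raise ValueError("slice %d points outside the file" % i)
        # Each slice is an independent Mach-O image; verify its own magic.
        slice_magic = struct.unpack_from("<I", data, offset)[0] if size >= 4 else 0
        slices.append({
            "cputype": CPU_NAMES.get(cputype, "0x%08x" % cputype),
            "offset": offset,
            "size": size,
            "is_macho64": slice_magic == MH_MAGIC_64,
        })
    return slices


def architectures(data: bytes) -> list:
    """Convenience wrapper: just the architecture names, in table order."""
    return [s["cputype"] for s in parse_fat(data)]


def build_sample() -> bytes:
    """Constructed sample for demonstration: a two-slice FAT binary whose
    slices are 16-byte stubs starting with the 64-bit Mach-O magic."""
    stub = struct.pack("<I", MH_MAGIC_64) + b"\x00" * 12
    header = struct.pack(FAT_HEADER, FAT_MAGIC, 2)
    table = struct.pack(FAT_ARCH, CPU_TYPE_X86_64, 3, 64, len(stub), 0)
    table += struct.pack(FAT_ARCH, CPU_TYPE_ARM64, 0, 80, len(stub), 0)
    prefix = header + table
    prefix += b"\x00" * (64 - len(prefix))       # pad the table out to the first slice
    return prefix + stub + stub


if __name__ == "__main__":
    for s in parse_fat(build_sample()):
        print("%-8s offset=%-4d size=%-4d macho64=%s"
              % (s["cputype"], s["offset"], s["size"], s["is_macho64"]))
```

To triage a real file, read it with `open(path, "rb").read()` and pass the bytes to `parse_fat`; a universal binary that bundles both `x86_64` and `arm64` slices is the shape described above, and a slice whose offset runs past the end of the file is worth a closer look rather than silently skipping.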

Once installed, RustDoor equips itself with a diverse set of commands, enabling it to collect and transmit files as well as extract valuable information from compromised devices. Some versions of the malware come with configurable settings, allowing attackers to specify the types of data to collect, targeted extensions and directories, and exclusions.

The harvested data is then sent to a command-and-control (C2) server, providing cybercriminals with access to sensitive information. Bitdefender suggests a potential connection between RustDoor and notorious ransomware families like Black Basta and BlackCat, citing similarities in their C2 infrastructure.

Security researchers highlight the resemblance between RustDoor and the ALPHV/BlackCat ransomware; BlackCat, also written in Rust, gained prominence in November 2021. In December 2023, the U.S. government dismantled the BlackCat ransomware operation and released a decryption tool for over 500 victims, enabling them to recover files encrypted by the malware.

Protect your Apple macOS device by keeping it current with the latest security updates and antivirus software. Exercise caution when downloading software or updates, particularly from unverified sources. Additionally, back up your data regularly to limit the impact of a compromise, and remain vigilant for suspicious activity or unexpected system behavior.