A new Rust-based backdoor is targeting Apple macOS users.
Codenamed RustDoor by Bitdefender, the backdoor is said to have been operating under the radar since November 2023. It impersonates a Microsoft Visual Studio update and targets Macs on either Intel or Arm architectures.
The exact initial access pathway used to implant the backdoor is not yet known, but it is said to be distributed as FAT binaries that contain Mach-O files.
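For triage, a FAT (universal) binary can be split into its per-architecture Mach-O slices by reading the header. The following is an added example, not code from Bitdefender or the original article; it handles only the 32-bit FAT header with 64-bit Mach-O slices, and the sample bytes are constructed stubs, not a real binary.

```python
import struct

FAT_MAGIC = 0xCAFEBABE                  # universal header, big-endian on disk
MH_MAGIC_64_LE = b"\xcf\xfa\xed\xfe"    # 64-bit Mach-O magic, little-endian slice
CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64"}


def fat_slices(data: bytes):
    """Return [(arch, offset, size)] for a universal binary, [] if not one."""
    if len(data) < 8:
        return []
    magic, nfat = struct.unpack_from(">II", data, 0)
    # Java class files share this magic; their second word is the class-file
    # version (45 or higher), so a small slice count separates the two.
    if magic != FAT_MAGIC or not 0 < nfat < 45:
        return []
    slices = []
    for i in range(nfat):
        base = 8 + i * 20               # each fat_arch entry is five uint32s
        if base + 20 > len(data):
            raise ValueError("truncated fat_arch table")
        cputype, _sub, offset, size, _align = struct.unpack_from(">IIIII", data, base)
        if offset + size > len(data):
            raise ValueError(f"slice {i} extends past end of file")
        if data[offset:offset + 4] != MH_MAGIC_64_LE:
            raise ValueError(f"slice {i} is not a 64-bit Mach-O")
        slices.append((CPU_NAMES.get(cputype, hex(cputype)), offset, size))
    return slices


def covers_intel_and_arm(slices):
    """True when the file carries both an x86_64 and an arm64 slice."""
    return {"x86_64", "arm64"} <= {arch for arch, _, _ in slices}


def build_sample() -> bytes:
    """Constructed test input: FAT header plus two 32-byte stub slices."""
    header = struct.pack(">II", FAT_MAGIC, 2)
    header += struct.pack(">IIIII", 0x01000007, 3, 4096, 32, 12)
    header += struct.pack(">IIIII", 0x0100000C, 0, 8192, 32, 12)
    stub = MH_MAGIC_64_LE.ljust(32, b"\0")
    data = header.ljust(4096, b"\0") + stub
    return data.ljust(8192, b"\0") + stub


if __name__ == "__main__":
    found = fat_slices(build_sample())
    print(found, covers_intel_and_arm(found))
```

Each returned offset and size can be used to carve a slice out for hashing or per-architecture analysis.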
Multiple variants of the malware have already been discovered, all with minor modifications, hinting that it is in active development. The earliest sample was found on November 2, 2023.
It supports different commands that allow attackers to gather and upload files and, more alarmingly, harvest information. Some versions carry configurations specifying what data to collect, a list of extensions and directories to target, and the directories to exclude. The captured data is then exfiltrated to a command-and-control service.
It is said that the malware could be linked to well-known ransomware families like BlackCat and Black Basta.
Via: Bitdefender