New malware found on macOS steals files by pretending to be a Visual Studio update

A team of cybersecurity researchers from Bitdefender has identified a new form of malware that targets macOS users. The backdoor, known as Trojan.MAC.RustDoor, is written in Rust, a relatively new programming language that cybercriminals use to evade detection and analysis.

The malware can be used to steal specific files or file types, archive them, and upload them to a command-and-control (C&C) server where malicious actors can access them. This campaign has been active since at least November of last year and has gone undetected for at least three months.

To distribute itself, the malware spoofs an update to Microsoft’s Visual Studio program and uses names like ‘VisualStudioUpdater’, ‘DO_NOT_RUN_ChromeUpdates’, or ‘zshrc2’. The malware runs on multiple types of processors and includes commands such as ‘shell’, ‘cd’, ‘sleep’, ‘upload’, ‘taskkill’, or ‘dialog’ that allow cybercriminals to collect and upload files and obtain information about the infected device.

Despite these findings, Bitdefender has not yet attributed this malware campaign to any known threat actor. However, the researchers have observed similarities with the ALPHV/BlackCat ransomware, which also uses the Rust programming language and shares common domains used as command-and-control infrastructure servers.

This new malware poses a significant threat to macOS users, highlighting the importance of staying vigilant and employing strong cybersecurity practices to protect against such attacks.

By Editor
