
Researchers from cybersecurity company Bitdefender have discovered new malware targeting macOS users. Dubbed Trojan.MAC.RustDoor, this backdoor poses as a Microsoft Visual Studio Code program update but is actually used to steal files from users’ computers. It is written in Rust, a relatively new programming language in the malware ecosystem that helps cybercriminals evade detection and analysis. The threat is particularly dangerous because it can collect specific files or file types, archive them, and upload them to a command-and-control (C&C) server where malicious actors can access them.

This campaign has been active since at least November of last year, and the malware has been running undetected for at least three months. To distribute itself, the malware spoofs an update to Microsoft’s Visual Studio program and uses names like ‘VisualStudioUpdater’, ‘DO_NOT_RUN_ChromeUpdates’, or ‘zshrc2’. Additionally, the malware runs on multiple types of processors and supports commands such as ‘shell’, ‘cd’, ‘sleep’, ‘upload’, ‘taskkill’, or ‘dialog’ that allow cybercriminals to collect and upload files and obtain information about the infected device.
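As a triage aid for the file names and multi-processor support described above, the following added example (not code from Bitdefender or from this article) walks a directory, flags files carrying the reported names, and reads the Mach-O header to list the CPU architectures each one contains. The Mach-O constants are the standard ones from the macOS headers; the 16-slice cap and the 512-byte read are assumptions of this sketch.

```python
import os
import struct

# File names reported in the article; a name match is only a lead for triage.
SUSPECT_NAMES = {"VisualStudioUpdater", "DO_NOT_RUN_ChromeUpdates", "zshrc2"}

# Mach-O CPU type constants (from <mach/machine.h>).
CPU_TYPES = {0x01000007: "x86_64", 0x0100000C: "arm64"}
FAT_MAGIC = 0xCAFEBABE      # universal binary, big-endian header
THIN_MAGIC_64 = 0xFEEDFACF  # single-arch 64-bit Mach-O, little-endian on disk

def macho_archs(header: bytes) -> list[str]:
    """Return the architectures named in a Mach-O header, or [] if not Mach-O."""
    if len(header) < 8:
        return []
    if struct.unpack("<I", header[:4])[0] == THIN_MAGIC_64:
        cputype = struct.unpack("<I", header[4:8])[0]
        return [CPU_TYPES.get(cputype, hex(cputype))]
    magic, nfat = struct.unpack(">II", header[:8])
    # Java class files share 0xCAFEBABE; assumed cap: real binaries have few slices.
    if magic != FAT_MAGIC or not 0 < nfat <= 16:
        return []
    archs = []
    for i in range(nfat):
        entry = header[8 + 20 * i : 8 + 20 * (i + 1)]  # struct fat_arch is 20 bytes
        if len(entry) < 20:
            break
        cputype = struct.unpack(">I", entry[:4])[0]
        archs.append(CPU_TYPES.get(cputype, hex(cputype)))
    return archs

def scan(root: str) -> list[tuple[str, list[str]]]:
    """Walk root and report (path, architectures) for files with a suspect name."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name not in SUSPECT_NAMES:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    hits.append((path, macho_archs(fh.read(512))))
            except OSError:
                hits.append((path, []))  # unreadable: still report the name match
    return sorted(hits)

if __name__ == "__main__":
    for hit_path, hit_archs in scan(os.path.expanduser("~")):
        print(hit_path, hit_archs or "not Mach-O")
```

A hit with an empty architecture list is a file that only shares a name, such as a plain-text ‘zshrc2’; a hit that parses as Mach-O deserves a closer look with code-signature and hash checks.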

Despite these findings, Bitdefender has indicated that, for the moment, this malware campaign cannot be attributed to any known threat actor. However, the researchers have observed similarities with the ALPHV/BlackCat ransomware, which also uses the Rust programming language and “common domains” as command-and-control infrastructure servers. This new malware poses a significant threat to macOS users and highlights the importance of staying vigilant and employing strong cybersecurity practices to protect against such attacks.
