New macOS Malware 'ReaderUpdate' Upgraded Arsenal With Nim and Rust Variants

A sophisticated macOS malware loader platform known as “ReaderUpdate” has significantly evolved its capabilities, with researchers identifying new variants written in Nim and Rust programming languages. Initially distributed as a compiled Python binary, ReaderUpdate has expanded its arsenal with implementations in Crystal, Nim, Rust, and most recently Go, showcasing the malware authors’ adaptability and technical sophistication. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Analysis revealed that the malware operators have established an extensive infrastructure spanning multiple domains, including entryway[.]world, airconditionersontop[.]com, and streamingleaksnow[.]com, among others. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Once installed, ReaderUpdate establishes persistence and communicates with command and control (C2) servers to receive further instructions or deliver secondary payloads. SentinelOne researchers noted that the malware’s modular architecture and loader capabilities make it particularly concerning, as it can easily pivot to delivering more dangerous payloads. This setup enables the malware to maintain resilience against system reboots while positioning itself to receive further commands from its operators. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. The loader’s capability to execute arbitrary commands makes it a potential vector for Pay-Per-Install (PPI) or Malware-as-a-Service (MaaS) operations targeting macOS users. The compiled Python version weighs 5.6MB, while the Go variant is 4.5MB, Crystal is 1.2MB, Rust is 400KB, and Nim is the smallest at just 166KB. Online marketplaces have become increasingly popular in developing countries since 2015, providing platforms for trading various goods from used electronics to brand-new items.

This Cyber News was published on cybersecuritynews.com. Publication date: Thu, 27 Mar 2025 14:05:15 +0000

Cyber News related to New macOS Malware 'ReaderUpdate' Upgraded Arsenal With Nim and Rust Variants

New macOS Malware 'ReaderUpdate' Upgraded Arsenal With Nim and Rust Variants - A sophisticated macOS malware loader platform known as “ReaderUpdate” has significantly evolved its capabilities, with researchers identifying new variants written in Nim and Rust programming languages. Initially distributed as a compiled ...
8 months ago Cybersecuritynews.com

CVE-2017-12741 - A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC ...
3 years ago

CVE-2019-10936 - A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet ...
2 years ago

FLOSS for Gophers and Crabs: Extracting Strings from Go and Rust Executables - To support the static analysis of Go and Rust executables, FLOSS now extracts program strings using enhanced algorithms. Where traditional extraction algorithms provide compound and confusing string output FLOSS recovers the individual Go and Rust ...
2 years ago Mandiant.com

Nim-Based Malware Delivered via Weaponized Word Document - Hackers use weaponized Word documents to deliver malicious payloads through social engineering. By embedding malware or exploiting vulnerabilities in these documents, attackers trick users into opening them and leading to the execution of malicious ...
1 year ago Gbhackers.com

Cleafy improves banking security with real-time AI capabilities - In the ever-evolving landscape of banking and financial security, new malware variants poses a significant and imminent challenge. Traditionally, both the identification and classification of these threats only occurred post-attack, leaving banks and ...
2 years ago Helpnetsecurity.com

New Linux Kernel Code Written In Rust To Eliminate Memory Safety Bugs - Since Rust was officially merged into the Linux kernel in October 2022, development teams have been steadily working to implement Rust-based drivers and components that inherently prevent common memory-related security issues. The Linux kernel has ...
9 months ago Cybersecuritynews.com

Sophisticated macOS Infostealers Get Past Apple's Built-In Detection - Increasingly sophisticated infostealers are targeting macOS with the capability to evade Apple's built-in malware protection, as attackers are becoming more savvy about how to crack static signature-detection engines like the platform's proprietary ...
1 year ago Darkreading.com Hunters

Critical Rust Flaw Poses Exploit Threat in Specific Windows Use Cases - The Rust Project has issued an update for its standard library, after a vulnerability researcher discovered a specific function used to execute batch files on Windows systems could be exploited using an injection flaw. The set of common functions ...
1 year ago Darkreading.com CVE-2024-24576

PixPirate: The Brazilian financial malware you can't see, part one - The constantly mutating PixPirate malware has taken that strategy to a new extreme. PixPirate is a sophisticated financial remote access trojan malware that heavily utilizes anti-research techniques. Within IBM Trusteer, we saw several different ...
1 year ago Securityintelligence.com

CVE-2019-19300 - A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), KTK ATE530S (All versions), SIDOOR ATD430W (All versions), ...
2 years ago

Hamas-Linked APT Wields New SysJoker Backdoor Against Israel - Attackers linked to the Palestinian militant group Hamas are using a revamped version of the SysJoker multi-platform backdoor to attack targets in Israel as the current conflict between the two continues despite a current pause in the fighting. An ...
2 years ago Darkreading.com

Ten new Android banking trojans targeted 985 bank apps in 2023 - This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading apps from financial institutes across 61 countries. Banking trojans are malware that targets people's online bank ...
2 years ago Bleepingcomputer.com

New RustDoor macOS malware impersonates Visual Studio update - A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang. The campaign delivering the backdoor started since at ...
1 year ago Bleepingcomputer.com LockBit

Stemming the Tide: Solving the Challenge of Password Reuse and Password-Stealing Malware - Password stealing malware is again rising with several attacks making the news cycle in recent months. A new password-stealing malware named Ov3r Stealer was discovered on Facebook Ads, spreading by way of fake job opportunities. Further analysis ...
1 year ago Cybersecurity-insiders.com