A new malware called RustDoor is targeting macOS users.
The malware has gone undetected for 3 months, and poses as a Microsoft Visual Studio update.
The malware was discovered by Bitdefender.
Bitdefender products identify the malware as Trojan.
Bitdefender says that the malware is still making the rounds on the internet; the latest sample was spotted on February 2nd, 2024.
The RustDoor malware impersonates a Visual Studio update to trick the user into downloading it.
The fake update contains FAT binaries with Mach-O files that can affect both Intel-based Macs and Apple Silicon Macs.
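A suspected fake installer can be checked for this universal (FAT) layout without executing it. The Python sketch below is an added example, not code from Bitdefender or the original article; it parses the fat header and reports which architecture slices are present. The function names are hypothetical and the input is a constructed stub header, not a RustDoor sample.

```python
import struct

FAT_MAGIC = 0xCAFEBABE                # universal ("fat") header, big-endian on disk
MH_MAGIC_64_LE = b"\xcf\xfa\xed\xfe"  # 64-bit Mach-O magic as stored little-endian
CPU_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64"}

def fat_slices(data: bytes):
    """Return [(arch, offset, size, is_macho)] for a fat binary, [] otherwise."""
    if len(data) < 8:
        return []
    magic, nfat = struct.unpack_from(">II", data, 0)
    # Java class files share 0xCAFEBABE; their next word is a version >= 45,
    # so a small architecture count separates the two formats.
    if magic != FAT_MAGIC or not 0 < nfat < 30:
        return []
    slices = []
    for i in range(nfat):
        base = 8 + i * 20             # each fat_arch entry is five 32-bit fields
        if base + 20 > len(data):
            return []                 # truncated header
        cputype, _sub, offset, size, _align = struct.unpack_from(">IIIII", data, base)
        name = CPU_NAMES.get(cputype, hex(cputype))
        in_bounds = offset + size <= len(data)
        is_macho = in_bounds and data[offset:offset + 4] == MH_MAGIC_64_LE
        slices.append((name, offset, size, is_macho))
    return slices

def runs_on_both_mac_families(data: bytes) -> bool:
    """True when valid Intel and Apple Silicon slices are both present."""
    archs = {name for name, _, _, ok in fat_slices(data) if ok}
    return {"x86_64", "arm64"} <= archs

def build_sample() -> bytes:
    """Constructed sample: a fat header with two stub slices (not real malware)."""
    stub = MH_MAGIC_64_LE + b"\x00" * 28
    hdr = struct.pack(">II", FAT_MAGIC, 2)
    hdr += struct.pack(">IIIII", 0x01000007, 3, 64, len(stub), 0)
    hdr += struct.pack(">IIIII", 0x0100000C, 0, 96, len(stub), 0)
    return hdr.ljust(64, b"\x00") + stub + stub

if __name__ == "__main__":
    for row in fat_slices(build_sample()):
        print(row)
```

A universal binary is not suspicious by itself, since legitimate macOS software ships the same way; the slice list is only a starting point for per-architecture hashing and scanning.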
Fake updates are not a new technique; attackers have used such tricks in the past to infect Windows users.
Over the past couple of years, they have also begun targeting Mac users with sophisticated methods.
A similar trick was used to distribute the Atomic Stealer malware on macOS, which was delivered via fake browser updates.
The unsuspecting user might believe it to be a genuine update for their browser, and the malware infects their computer.
Bitdefender says that multiple variants of RustDoor exist, and that they share some functionalities.
The malware is able to persist and employs sandbox evasion techniques to bypass macOS' security.
This in turn could help the malware to evade detection, which might explain why it has been roaming undetected for the past three months.
The source code of the RustDoor malware contains commands that allow it to gather and upload files.
Some configurations of the malware have specific instructions about the data that it will collect, including the maximum number of files, size of the files, lists of targeted extensions and directories, and the folders that will be excluded.
The malware is also capable of downloading files from the server to compromise the security of the system.
Bitdefender says that it does not have enough data to attribute the RustDoor campaign to a specific threat actor.
This Cyber News was published on www.ghacks.net. Publication date: Mon, 12 Feb 2024 06:13:05 +0000