The cybersecurity company Bitdefender has recently uncovered a new type of malware that is targeting MacOS users. Dubbed Trojan.MAC.RustDoor, this backdoor disguises itself as a Microsoft Visual Studio Code program update but is actually designed to steal files from the user’s computer.
This malicious software has been active since at least November 2020 and has managed to evade detection for three months before being discovered by Bitdefender’s researchers. The ‘malware’ can steal specific files or file types and then upload them to a command and control center (C&C) for access by malicious actors.
The ‘malware’ distributes itself by spoofing an update to Microsoft’s Visual Studio program, using names like ‘VisualStudioUpdater’, ‘DO_NOT_RUN_ChromeUpdates’, or ‘zshrc2’. It also runs on multiple processors and includes commands such as ‘shell’, ‘cd’, ‘sleep’, ‘upload’, ‘taskkill’, or ‘dialog’ that allow cybercriminals to collect files and obtain information about the infected device.
While there is currently no known threat actor behind this campaign, Bitdefender has observed similarities with the ransomware ALPHV/BlackCat, which also uses the Rust programming language and common domains such as command and control infrastructure servers. This new malware poses a significant threat to MacOS users and highlights the importance of staying vigilant and employing strong cybersecurity practices to protect against attacks like this one.