A recent report from cybersecurity firm Bitdefender has revealed a new form of malware targeting macOS users. Dubbed Trojan.MAC.RustDoor, this backdoor poses as an update to Microsoft Visual Studio Code but is actually used to steal files from the user’s computer.
The malware, which has been operating undetected for at least three months, can steal specific files or file types, then archive and upload them to a command-and-control (C&C) center where malicious actors can access them. The campaign has been active since at least November last year, highlighting the need for users to remain vigilant and use strong cybersecurity practices to protect against such attacks.
To spread, the malware masquerades as an update for Microsoft’s Visual Studio and uses names like “VisualStudioUpdater,” “DO_NOT_RUN_ChromeUpdates,” or “zshrc2.” In addition, the malware runs on multiple types of processors and may include commands such as “shell,” “cd,” “sleep,” “upload,” “taskkill,” or “dialog” that allow cybercriminals to collect and upload files and gather information about the infected device.
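A defender's triage sketch for the names listed above, added here as an example (it is not Bitdefender's code or tooling): it walks a directory tree, flags files carrying one of the three reported names, and checks by magic number whether each is a Mach-O binary. Treating the names as file names, the function names, and the sample files are assumptions made for illustration; a name match alone is only a lead for further analysis.

```python
import os

# Names the article reports the malware using (treated here as file names).
REPORTED_NAMES = {"VisualStudioUpdater", "DO_NOT_RUN_ChromeUpdates", "zshrc2"}

# Mach-O magic numbers: thin 32-bit and 64-bit images in either byte order,
# plus universal ("fat") binaries that bundle several CPU architectures.
MACHO_MAGICS = {bytes.fromhex(h) for h in (
    "feedface", "cefaedfe", "feedfacf", "cffaedfe", "cafebabe", "bebafeca")}

def is_macho(path):
    """True if the first four bytes of the file are a Mach-O magic number."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4) in MACHO_MAGICS
    except OSError:
        return False  # unreadable file: report the name match only

def triage(root):
    """Return sorted (relative_path, verdict) pairs for name matches under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name not in REPORTED_NAMES:
                continue
            path = os.path.join(dirpath, name)
            verdict = "macho-binary" if is_macho(path) else "name-only"
            hits.append((os.path.relpath(path, root), verdict))
    return sorted(hits)

def build_sample_tree(root):
    """Write constructed sample files (not real malware) for a dry run."""
    samples = {
        "Downloads/VisualStudioUpdater": bytes.fromhex("cffaedfe") + b"\x00" * 28,
        "Downloads/notes.txt": b"meeting notes\n",
        "home/zshrc2": b"export PATH=$PATH:/usr/local/bin\n",
        "bin/helper": bytes.fromhex("cafebabe") + b"\x00" * 28,
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, verdict in triage(tmp):
            print(f"{verdict:12} {rel}")
```

A "macho-binary" verdict means the file both carries a reported name and is an executable image, which makes it the higher-priority item to hand to analysis; "name-only" hits, such as a plain-text file that happens to be called zshrc2, still deserve a look at how they got there.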
While Bitdefender noted that this malware campaign cannot be attributed to any known threat actor at this time, it did note similarities with the ransomware ALPHV/BlackCat, which also uses the Rust programming language and shares common domains used as C&C infrastructure servers. This new malware poses a significant threat to macOS users and underscores the importance of being vigilant and using strong cybersecurity practices to protect against such attacks.