A new strain of macOS malware named RustDoor has emerged, distributed as a Visual Studio update, and Bitdefender researchers have associated it with the ALPHV/BlackCat ransomware gang. The malware, seen since November 2023, targets both Intel-based and ARM architectures, posing a significant threat to macOS users. RustDoor's functionality includes executing shell commands, exfiltrating data, and establishing persistence on compromised systems. Its distribution as a Visual Studio for Mac update adds to its stealth, and it operated undetected for at least three months, as reported by Bitdefender.
The malware’s potential connection to ransomware operations adds another layer of concern, with RustDoor’s ability to communicate with command and control servers indicating a sophisticated threat actor behind its development. Despite the lack of public reports of ransomware attacks on macOS systems, the emergence of RustDoor underscores the evolving landscape of cybersecurity threats targeting Apple’s operating system. Furthermore, the malware’s distribution method under multiple names and its ability to evade detection highlight the need for robust security measures to safeguard against such sophisticated attacks on macOS platforms.
Bitdefender’s report reveals that RustDoor supports various commands for controlling compromised systems, such as executing shell commands, uploading and downloading files, and terminating processes, demonstrating its versatility and potential for extensive damage. The malware’s use of cron jobs and LaunchAgents for persistence ensures that it remains active on infected systems, further complicating mitigation efforts. Additionally, RustDoor’s modifications to system files and terminal sessions help it blend in with legitimate applications, making detection and removal challenging for users and security software alike.
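A triage check for the two persistence mechanisms named above (cron jobs and LaunchAgents), added here as an example and not taken from Bitdefender's report. The path heuristic, the function names and all sample data are assumptions constructed for illustration, not RustDoor indicators.

```python
import plistlib
import re
import shlex

# Assumed triage heuristic (not RustDoor indicators): temp or shared directories
# and hidden path components are unusual homes for auto-started programs.
TEMP_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")

def suspect(token):
    hidden = any(part.startswith(".") for part in token.split("/") if part)
    return token.startswith("/") and (token.startswith(TEMP_PREFIXES) or hidden)

def launch_agent_argv(plist_bytes):
    """Return (label, argv) for a LaunchAgent plist (XML or binary)."""
    job = plistlib.loads(plist_bytes)
    argv = [str(a) for a in job.get("ProgramArguments", [])]
    if "Program" in job:  # Program, when present, is the executable path
        argv = [str(job["Program"])] + argv[1:]
    return job.get("Label", "?"), argv

def cron_entries(text):
    """Yield (schedule, argv) for each job line of a crontab."""
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#") or re.match(r"\w+\s*=", line):
            continue  # blank line, comment, or environment assignment
        n = 1 if line.startswith("@") else 5  # "@reboot cmd" vs five time fields
        fields = line.split(None, n)
        if len(fields) == n + 1:
            try:
                yield " ".join(fields[:n]), shlex.split(fields[n])
            except ValueError:  # unbalanced quotes: fall back to whitespace split
                yield " ".join(fields[:n]), fields[n].split()

def audit(plists, crontab_text):
    """Return (source, name, token) for every command token that looks suspect."""
    jobs = [("launchagent",) + launch_agent_argv(p) for p in plists.values()]
    jobs += [("cron", sched, argv) for sched, argv in cron_entries(crontab_text)]
    return [(src, name, a) for src, name, argv in jobs for a in argv if suspect(a)]

# Constructed sample data, not taken from any real incident.
SAMPLE_PLISTS = {
    "com.example.updater.plist": plistlib.dumps({"Label": "com.example.updater",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]}),
    "com.example.sync.plist": plistlib.dumps({"Label": "com.example.sync",
        "ProgramArguments": ["/bin/sh", "-c", "/Users/alice/.sync/agent --quiet"]}),
}
SAMPLE_CRONTAB = '# sample\nMAILTO=""\n0 3 * * * /usr/local/bin/backup.sh\n@reboot /private/tmp/helper >/dev/null 2>&1\n'

if __name__ == "__main__":
    print(audit(SAMPLE_PLISTS, SAMPLE_CRONTAB))
```

On a live host the inputs would be the plist files under the user and system LaunchAgents directories and the output of `crontab -l`; a hit is a lead for review, not a verdict.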