New ‘malware’ found in MacOS that steals files by pretending to be a Visual Studio update

Researchers from cybersecurity company Bitdefender have discovered a new ‘malware’ targeting MacOS users. Named Trojan.MAC.RustDoor, this backdoor poses as a Microsoft Visual Studio Code program update but is actually used to steal files from users’ computers. The backdoor is written in Rust, a programming language that has become increasingly popular among cybercriminals for its ability to evade detection and analysis.

The ‘malware’ can be used to steal specific files or file types and then archive and upload them to a command and control center (C&C) so that malicious actors can access them. This campaign has been active since at least November of last year, with the ‘malware’ running undetected for at least three months.

To distribute itself, the ‘malware’ poses as an update to Microsoft’s Visual Studio program and uses file names such as ‘VisualStudioUpdater’, ‘DO_NOT_RUN_ChromeUpdates’, or ‘zshrc2’. The ‘malware’ also runs on multiple processor types and accepts commands such as ‘shell’, ‘cd’, ‘sleep’, ‘upload’, ‘taskkill’, or ‘dialog’, which allow cybercriminals to collect and upload files and to obtain information about the infected device.

While Bitdefender has not yet attributed this campaign to any known threat actor, it has observed similarities with the ALPHV/BlackCat ransomware, which is also written in Rust and shares “common domains”, such as C&C infrastructure servers. This new malware poses a significant threat to MacOS users and highlights the importance of staying vigilant and employing strong cybersecurity practices to protect against such attacks.

By Editor