Malware News New RustDoor macOS malware impersonates Visual Studio update


Level 76
Thread author
Honorary Member
Top Poster
Content Creator
Apr 24, 2016
A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.

The campaign delivering the backdoor started since at least November 2023 and is still underway distributing newer variants of the malware.

Written in Rust, the malware can run on Intel-based (x86_64) and ARM (Apple Silicon) architectures, say researchers at cybersecurity company Bitdefender, who are tracking it as RustDoor.
RustDoor is distributed primarily as an updater for Visual Studio for Mac, Microsoft's integrated development environment (IDE) for the macOS platform, which will be discontinued this year on August 31.

The macOS backdoor is delivered under multiple names, including 'zshrc2,' 'Previewers,' 'VisualStudioUpdater,' 'VisualStudioUpdater_Patch,' 'VisualStudioUpdating,' 'visualstudioupdate,' and 'DO_NOT_RUN_ChromeUpdates'.

According to Bitdefender, the malware has been under active distribution and have been undetected for at least three months.

The researchers discovered three versions of the malware, which come as FAT binaries that include Mach-O files for both x86_64 Intel and ARM architectures but do not come bundled in typical parent files such as Application Bundles or Disk Image.

Bitdefender says this atypical distribution method reduces the campaign's digital footprint and the likelihood of security products flagging the backdoor as suspicious.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.