Malware News New RustDoor macOS malware impersonates Visual Studio update

[Gandalf_The_Grey]

Content source

https://www.bleepingcomputer.com/news/security/new-rustdoor-macos-malware-impersonates-visual-studio-update/

A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.

The campaign delivering the backdoor started since at least November 2023 and is still underway distributing newer variants of the malware.

Written in Rust, the malware can run on Intel-based (x86_64) and ARM (Apple Silicon) architectures, say researchers at cybersecurity company Bitdefender, who are tracking it as RustDoor.

RustDoor is distributed primarily as an updater for Visual Studio for Mac, Microsoft's integrated development environment (IDE) for the macOS platform, which will be discontinued this year on August 31.

The macOS backdoor is delivered under multiple names, including 'zshrc2,' 'Previewers,' 'VisualStudioUpdater,' 'VisualStudioUpdater_Patch,' 'VisualStudioUpdating,' 'visualstudioupdate,' and 'DO_NOT_RUN_ChromeUpdates'.

According to Bitdefender, the malware has been under active distribution and have been undetected for at least three months.

The researchers discovered three versions of the malware, which come as FAT binaries that include Mach-O files for both x86_64 Intel and ARM architectures but do not come bundled in typical parent files such as Application Bundles or Disk Image.

Bitdefender says this atypical distribution method reduces the campaign's digital footprint and the likelihood of security products flagging the backdoor as suspicious.

New RustDoor macOS malware impersonates Visual Studio update

A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.

www.bleepingcomputer.com