RustBucket malware: A PDF could finish your Mac


Nov 10, 2017
Cybersecurity research conducted by the illustrious team at Elastic Security Labs has brought to light a virulent new strain of the RustBucket malware, a notorious enemy of macOS-powered devices. It appears the cyber-nemesis has evolved, displaying an increased persistence on targeted endpoints and an unnerving ability to stealthily avoid antivirus programs.

The researchers reveal, "This variant of RustBucket, a malware family that targets macOS systems, adds persistence capabilities not previously observed." The devious malware has also advanced its command-and-control infrastructure, subtly embedding itself within dynamic network systems.

Its mode of entry is decidedly straightforward: the unsuspecting victim downloads a seemingly innocent macOS installer file, little knowing it carries a malevolent passenger – a compromised PDF reader. The attack is activated when an ill-fated PDF file, cleverly weaponized, is opened using the tainted reader. Often delivered via phishing emails or masquerading as trustworthy links on social media platforms like LinkedIn, the RustBucket malware indeed presents a sinister threat.

RustBucket's distinctive persistence method, paired with its dynamic DNS domains for command-and-control, enables it to surpass most malware in its elusive nature.

"In the case of this updated RustBucket sample, it establishes its own persistence by adding a plist file at the path /Users/<user>/Library/LaunchAgents/, and it copies the malware's binary to the following path /Users/<user>/Library/Metadata/System Update," the researchers elaborated.

Full article
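The persistence detail quoted above (a LaunchAgent plist pointing at a binary copied under ~/Library/Metadata) is something a defender can audit for directly. The following script is an added example, not code from the post or from Elastic Security Labs: it parses LaunchAgent plists with the standard-library plistlib, extracts the executable each one launches, and flags any that live under a Library/Metadata directory, which is the location the write-up names. The two sample plists, their labels and paths are constructed for illustration; nothing here is a real indicator from the report.

```python
import os
import plistlib
from pathlib import Path

# Constructed sample LaunchAgents (not real samples). The first mirrors the
# layout described in the post: a plist in LaunchAgents whose executable sits
# under ~/Library/Metadata. The second is a benign-looking helper for contrast.
SUSPICIOUS_SAMPLE = plistlib.dumps({
    "Label": "com.example.updater",                       # constructed label
    "ProgramArguments": ["/Users/alice/Library/Metadata/System Update"],
    "RunAtLoad": True,
    "KeepAlive": True,
})
BENIGN_SAMPLE = plistlib.dumps({
    "Label": "com.example.sync",                          # constructed label
    "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/sync-helper",
                         "--daemon"],
    "RunAtLoad": True,
})

# Consecutive path components that a legitimate LaunchAgent executable is not
# expected to sit under. Only the directory named in the write-up is listed.
SUSPICIOUS_PARENT_PAIRS = {("Library", "Metadata")}


def program_paths(plist_data):
    """Return the executable path(s) a launchd job will run.

    launchd accepts either a 'Program' string or a 'ProgramArguments' array
    whose first element is the executable; both forms are handled.
    """
    paths = []
    if isinstance(plist_data.get("Program"), str):
        paths.append(plist_data["Program"])
    args = plist_data.get("ProgramArguments")
    if isinstance(args, list) and args and isinstance(args[0], str):
        paths.append(args[0])
    return paths


def is_suspicious_path(path):
    """True if the path contains a Library/Metadata directory pair."""
    parts = Path(path).parts
    return any((parts[i], parts[i + 1]) in SUSPICIOUS_PARENT_PAIRS
               for i in range(len(parts) - 1))


def assess_plist(plist_bytes):
    """Parse one plist and report the label, executables and any findings."""
    data = plistlib.loads(plist_bytes)
    executables = program_paths(data)
    findings = [f"executable under Library/Metadata: {p}"
                for p in executables if is_suspicious_path(p)]
    return {
        "label": data.get("Label"),
        "executables": executables,
        "run_at_load": bool(data.get("RunAtLoad", False)),
        "findings": findings,
        "suspicious": bool(findings),
    }


def scan_launch_agents(directory):
    """Assess every *.plist in a LaunchAgents directory; unparsable files are recorded."""
    results = {}
    for plist_file in sorted(Path(directory).glob("*.plist")):
        try:
            results[plist_file.name] = assess_plist(plist_file.read_bytes())
        except Exception as exc:  # malformed or binary-corrupt plist
            results[plist_file.name] = {"error": str(exc), "suspicious": False}
    return results


if __name__ == "__main__":
    # Demonstrate on the constructed samples, then on the current user's agents.
    for name, sample in (("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, assess_plist(sample))
    agents_dir = os.path.expanduser("~/Library/LaunchAgents")
    if os.path.isdir(agents_dir):
        for fname, result in scan_launch_agents(agents_dir).items():
            if result.get("suspicious"):
                print("REVIEW:", fname, result["findings"])
```

The check is deliberately narrow: it keys on the directory named in the quoted text, so a match is a prompt to inspect the plist and the file it points to, not a verdict. Extending `SUSPICIOUS_PARENT_PAIRS` with other user-writable locations is the natural next step for a broader audit.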
