Three command-and-control servers previously linked to the ALPHV/BlackCat and Black Basta ransomware operations have been repurposed to support RustDoor, a novel Rust-based macOS backdoor that has masqueraded as Visual Studio to compromise devices and exfiltrate files since November, according to SecurityWeek.
Bitdefender researchers identified three RustDoor variants. The latest features a more elaborate JSON configuration, larger files, and an AppleScript that gathers documents from specified folders, copies them to a hidden directory, and compresses them before sending them to the C2 server. Further examination of the malware's configuration file revealed four persistence mechanisms and the ability to impersonate various applications.
"Some configurations also include specific instructions about what data to collect, such as the maximum size and maximum number of files, as well as lists of targeted extensions and directories, or directories to exclude," said researchers.
Novel RustDoor macOS malware fueled by ransomware infrastructure