This new malware masquerades as a Visual Studio app update and then floods your device with malware and ransomware
New malware has been found that targets macOS users and spreads disguised as an update to a legitimate program. It aims to steal sensitive data, establish persistence on the compromised device, and ultimately deploy ransomware.
Cybersecurity researchers at Bitdefender recently discovered the campaign, called RustDoor, and found that the malware is written in the Rust programming language. It gives its operators a number of capabilities, including listing running processes, executing arbitrary shell commands, creating new folders, modifying and deleting existing folders, exfiltrating files, terminating other malware processes and more.
It has been active since at least November 2023, and multiple variants are currently in circulation, indicating active development.
BlackCat strikes again. Or is it?
The operators, whose identities have not yet been definitively confirmed, are distributing the malware as an updater for Visual Studio for Mac – Microsoft’s integrated development environment (IDE) for macOS. The platform, the media say, is approaching the end of its lifespan on August 31 this year. The malware comes under many names, such as ‘zshrc2’, ‘Previewers’, ‘VisualStudioUpdater’, ‘VisualStudioUpdater_Patch’, ‘VisualStudioUpdating’, ‘visualstudioupdate’ and ‘DO_NOT_RUN_ChromeUpdates’, Bitdefender says. This distribution method ensures that the malware remains under the radar of most cybersecurity solutions and researchers.
Although it is capable of maintaining persistence and exfiltrating sensitive files from the target devices, the most disruptive activity is still ransomware deployment. Bitdefender researchers say the infrastructure used in these attacks is often used by affiliates of BlackCat (AKA ALPHV), as well as other threat actors, so it is difficult to confirm the attackers’ identities just yet.
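As an added defender-side check (not part of the article or of Bitdefender's research), the script below hunts for the updater names reported above inside launchd property lists. It assumes the malware persists through LaunchAgents or LaunchDaemons, which the article does not state, so a hit is a lead to investigate rather than proof of infection.

```shell
#!/bin/sh
# Hunt for the RustDoor updater names in launchd plists.
# Assumption (not from the article): persistence lives in the usual
# macOS launchd directories. Point hunt_dir at each of them.

# Names reported by Bitdefender for the fake Visual Studio updater.
SUSPECT_NAMES='zshrc2 Previewers VisualStudioUpdater VisualStudioUpdater_Patch VisualStudioUpdating visualstudioupdate DO_NOT_RUN_ChromeUpdates'

# hunt_dir DIR
# Prints "plist:name" for every plist in DIR that references a suspect
# name as a whole word. Returns 0 if anything matched, 1 otherwise.
hunt_dir() {
  dir=$1
  status=1
  [ -d "$dir" ] || return 1
  for f in "$dir"/*.plist; do
    [ -f "$f" ] || continue
    for n in $SUSPECT_NAMES; do
      # -w keeps VisualStudioUpdater from also matching VisualStudioUpdater_Patch
      if grep -qw -- "$n" "$f"; then
        printf '%s:%s\n' "$f" "$n"
        status=0
      fi
    done
  done
  return $status
}

# Stand-alone demo on a constructed plist (not a real sample), so the
# script runs offline on any POSIX system; on a Mac, call hunt_dir on
# "$HOME/Library/LaunchAgents", /Library/LaunchAgents and /Library/LaunchDaemons.
demo_dir=$(mktemp -d)
cat > "$demo_dir/com.example.updater.plist" <<'EOF'
<plist><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/Users/demo/Library/VisualStudioUpdater</string></array>
</dict></plist>
EOF
hunt_dir "$demo_dir" || echo "no suspect names found in $demo_dir"
rm -rf "$demo_dir"
```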
It appears that cyber attacks against macOS users have intensified this year. So far we’ve had several reports, including one from SentinelOne stating that Apple can’t keep up with the pace at which hackers are developing macOS malware.
Via BleepingComputer