Alert: New “RustDoor” Backdoor Threatens Apple macOS Users

Apple macOS users are facing a new and stealthy threat: a Rust-based backdoor that researchers at Bitdefender have dubbed RustDoor. The malware has been operating quietly since November 2023 and poses a significant risk to users of Apple's desktop operating system.

RustDoor is delivered under the guise of an update for Microsoft Visual Studio, a lure designed to get unsuspecting users to install it themselves. What is particularly concerning is that the backdoor is built for both Intel (x86_64) and Apple silicon (arm64) Macs, so a single sample can compromise a wide range of macOS devices.

The exact method of initial access remains unclear, although the samples observed so far are distributed as FAT (universal) binaries, each bundling a separate Mach-O executable for every supported architecture. Because macOS picks the matching slice at load time, one file runs natively on both Intel and Apple silicon hardware, which widens the pool of potential victims.
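When triaging a sample like this, the first question is which architectures it actually carries. The following parser, added here as an illustration and not taken from Bitdefender's report or from the malware, walks the big-endian fat header, validates that each slice really is a 64-bit Mach-O and lies inside the file, and falls back to thin-Mach-O handling when the fat magic is absent. The two-slice sample it parses is constructed in the script itself and is not data from any real RustDoor binary; the 30-slice sanity limit is a heuristic to tell a fat header from a Java class file, which shares the 0xCAFEBABE magic.

```python
import struct

FAT_MAGIC = 0xCAFEBABE     # universal ("fat") header, always big-endian
MH_MAGIC_64 = 0xFEEDFACF   # 64-bit Mach-O header, stored in the slice's own (little-endian) byte order
MH_EXECUTE = 2

CPU_TYPE_NAMES = {0x01000007: "x86_64", 0x0100000C: "arm64"}
FILETYPE_NAMES = {1: "MH_OBJECT", 2: "MH_EXECUTE", 6: "MH_DYLIB", 8: "MH_BUNDLE"}


def parse_macho_header(data, offset):
    """Parse the 32-byte mach_header_64 at `offset`; returns (cputype, filetype, ncmds)."""
    if offset + 32 > len(data):
        raise ValueError(f"Mach-O header at 0x{offset:x} runs past end of file")
    magic, cputype, _subtype, filetype, ncmds, _sizeofcmds, _flags, _reserved = \
        struct.unpack_from("<8I", data, offset)
    if magic != MH_MAGIC_64:
        raise ValueError(f"no 64-bit Mach-O at 0x{offset:x} (magic 0x{magic:08x})")
    return cputype, filetype, ncmds


def list_slices(data):
    """Return one dict per architecture contained in `data`, for a fat or a thin Mach-O."""
    if len(data) < 8:
        raise ValueError("file too small to hold a header")
    magic, nfat_arch = struct.unpack_from(">II", data, 0)
    if magic != FAT_MAGIC:
        # Not fat: treat the whole file as a single ("thin") 64-bit Mach-O.
        cputype, filetype, ncmds = parse_macho_header(data, 0)
        return [{"arch": CPU_TYPE_NAMES.get(cputype, hex(cputype)), "offset": 0,
                 "size": len(data), "filetype": FILETYPE_NAMES.get(filetype, filetype),
                 "ncmds": ncmds}]
    # Java .class files also begin with 0xCAFEBABE; there the next u32 is the class
    # version (e.g. 0x00000034 = 52). Real fat headers hold only a few slices, so an
    # implausible count is rejected (heuristic, same idea file(1) uses).
    if nfat_arch == 0 or nfat_arch > 30:
        raise ValueError(f"0xCAFEBABE with nfat_arch={nfat_arch}: probably not a fat Mach-O")
    slices = []
    for i in range(nfat_arch):
        cputype, _subtype, offset, size, _align = struct.unpack_from(">iiIII", data, 8 + 20 * i)
        if offset + size > len(data):
            # A fat_arch pointing outside the file is corrupt or deliberately malformed.
            raise ValueError(f"slice {i} (offset 0x{offset:x}, size 0x{size:x}) lies outside the file")
        slice_cputype, filetype, ncmds = parse_macho_header(data, offset)
        if slice_cputype != cputype:
            raise ValueError(f"slice {i}: fat_arch says cputype 0x{cputype:x}, header says 0x{slice_cputype:x}")
        slices.append({"arch": CPU_TYPE_NAMES.get(slice_cputype, hex(slice_cputype)),
                       "offset": offset, "size": size,
                       "filetype": FILETYPE_NAMES.get(filetype, filetype), "ncmds": ncmds})
    return slices


def build_sample_fat():
    """Construct a synthetic two-slice fat binary (x86_64 + arm64). Each slice is a bare
    mach_header_64 with zero load commands; this is test data, not bytes from a real sample."""
    def macho_header(cputype):
        # magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved
        return struct.pack("<8I", MH_MAGIC_64, cputype, 0, MH_EXECUTE, 0, 0, 0, 0)

    page = 0x1000
    arches = [(0x01000007, 0x03), (0x0100000C, 0x00)]   # (cputype, cpusubtype)
    out = bytearray(page * len(arches) + 32)
    struct.pack_into(">II", out, 0, FAT_MAGIC, len(arches))
    for i, (cputype, subtype) in enumerate(arches):
        offset = page * (i + 1)                           # slices start on 4 KiB boundaries
        struct.pack_into(">iiIII", out, 8 + 20 * i, cputype, subtype, offset, 32, 12)
        out[offset:offset + 32] = macho_header(cputype)
    return bytes(out)


if __name__ == "__main__":
    for s in list_slices(build_sample_fat()):
        print(f"{s['arch']:<8} offset=0x{s['offset']:x} size={s['size']} {s['filetype']} ncmds={s['ncmds']}")
```

Run against a real file with `list_slices(open(path, "rb").read())`; a RustDoor-style sample would list both an x86_64 and an arm64 slice, and any slice whose offset or size falls outside the file is flagged rather than silently skipped.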

Bitdefender’s research has uncovered multiple variants of RustDoor, each featuring minor modifications. This suggests ongoing development and refinement of the malware, with threat actors actively adapting their tactics to evade detection by security measures.

Functionally, RustDoor gives its operators a broad set of commands for controlling a compromised Mac. These commands let the malware gather and upload files and harvest information about the endpoint. Some versions also ship with a configuration that specifies which kinds of data to collect, which file extensions and directories to target, and which directories to skip.

Once RustDoor has collected the requested data, it exfiltrates it to a command-and-control (C2) server, handing the operators sensitive user data and persistent access to the machine.

Of particular concern is a possible connection between RustDoor and the Black Basta and BlackCat (ALPHV) ransomware operations. Bitdefender's analysis found overlaps between RustDoor's command-and-control infrastructure and infrastructure used by those ransomware families, suggesting that the same actors or affiliates may be behind the macOS campaign.

Security researcher Andrei Lapusneanu has highlighted the link to BlackCat in particular, noting that BlackCat is also written in Rust and first appeared in November 2021, two years to the month before RustDoor surfaced. Lapusneanu also referenced the U.S. government's action in December 2023, which disrupted the BlackCat ransomware operation and released a decryption tool for affected victims.

In light of these developments, macOS users are urged to remain vigilant: obtain updates for developer tools such as Visual Studio only from the vendor, treat unexpected update prompts and unsigned installers with suspicion, and keep endpoint protection current. Staying informed and adopting these habits reduces exposure to RustDoor and similar malware and helps keep sensitive data out of attackers' hands.