Supply Chain Attack Targets Courtroom Recording Platform

Researchers at Rapid7 have found that a Windows version of the RustDoor installer has been circulating through a compromised audiovisual software package. The package was hosted and distributed by an audio-visual recording platform commonly used in settings such as courtrooms, jails, prisons, council chambers, hearing rooms, and lecture halls across the nation.

The threat actors behind this cyberattack campaign targeted Justice AV’s Viewer v8.3.7, a tool utilized to access media and logging files created by the Justice AV platform. This compromised software was identified as part of a supply chain attack, as detailed in the findings released by Rapid7. The RustDoor installer, once installed, enables malicious actors to gain complete control over the infected systems. The researchers explained that the Viewer was readily available for download from the vendor’s website and was packaged as a Windows-based installer that requires high privileges upon execution.

The history of RustDoor’s involvement in supply chain attacks dates back to its initial discovery in December 2023 when it was first found targeting macOS devices. Subsequently, a Windows version known as GateDoor, written in Golang instead of Rust, was uncovered by researchers shortly after. These malicious software versions, disguised as legitimate programs, have been linked to past cyberattacks associated with the ALPHV/BlackCat ransomware group.

The first indication of the compromised JAVS Viewer packages emerged in February 2021, with Rapid7 commencing its investigation on May 10. Following the discovery, Justice AV Solutions took prompt action by removing the tainted Viewer files. They assured Rapid7 that the incident did not compromise any source code, certificates, systems, or other software releases.

In response to the attack, Rapid7 advised customers using Justice AV Solutions software to not only uninstall and replace the affected software but also re-image the impacted endpoints and reset credentials for added security. Users of JAVS Viewer v8.3.7 were cautioned that they are at high risk and should take immediate action to safeguard their systems.

While the spread of the RustDoor malware through the JAVS platform has been halted, Rapid7 warned that the threat actors responsible for the supply chain attack are actively enhancing their command-and-control infrastructure. This ongoing development underscores the importance of maintaining vigilant cybersecurity measures to thwart potential threats.

As organizations strive to protect their systems and data from cyber threats, staying informed about the latest attack trends and efficiently responding to security incidents are essential components of a robust defense strategy. By remaining proactive and implementing best practices in cybersecurity, businesses can mitigate risks and safeguard their digital assets against evolving threats.
