New Backdoor Linked to ALPHV Ransomware Targets MacOS

A new backdoor targeting macOS has been discovered by researchers, revealing ties to a notorious ransomware family that has historically targeted Windows systems. Bitdefender researchers have identified the backdoor, known as Trojan.MAC.RustDoor, and believe it is linked to the BlackCat/ALPHV ransomware family.

The newly discovered backdoor is written in the Rust programming language and is designed to impersonate an update for the Visual Studio code editor. According to Bitdefender, multiple variants of the backdoor have been in circulation for at least three months.

Trojan.MAC.RustDoor is capable of gathering data from the Desktop and Documents folders, as well as user notes, compressing the information into a ZIP archive, and sending it to a command-and-control (C2) server. The malware’s activities raise concerns about the security of macOS systems and the potential impact on user privacy.

Bitdefender researcher Andrei Lapusneanu has pointed out that while there is not enough information to confidently attribute the campaign to a specific threat actor, the presence of certain artifacts and indicators of compromise (IoCs) suggests a possible relationship with the BlackCat/ALPHV ransomware operators. Specifically, three out of the four command-and-control servers used by Trojan.MAC.RustDoor have been linked to ransomware campaigns targeting Windows clients.

Lapusneanu also noted that the ALPHV/BlackCat ransomware is likewise written in Rust. The BlackCat/ALPHV ransomware group has traditionally targeted Windows systems, with a preference for Microsoft Exchange Services. The potential expansion of their operations to include macOS systems raises concerns about the increasing sophistication and reach of ransomware actors.

The discovery of Trojan.MAC.RustDoor underscores the evolving threat landscape facing macOS users. With ransomware actors expanding their reach to target macOS systems, it is essential for users to remain vigilant and take proactive measures to protect their devices.

Security experts advise macOS users to maintain up-to-date security software and to exercise caution when downloading software updates or clicking on suspicious links. Additionally, regular data backups and a cautious approach to file sharing can help mitigate the risk of falling victim to ransomware attacks.

The emergence of a backdoor targeting macOS with ties to an infamous ransomware family highlights the need for ongoing vigilance and robust cybersecurity measures to protect against evolving cyber threats. As threat actors continue to adapt and expand their operations, it is crucial for individuals and organizations to prioritize cybersecurity and take proactive steps to safeguard their digital assets.
