Researchers have found a new backdoor targeting macOS that appears to have ties to a notorious ransomware family that traditionally targets Windows systems.
Researchers at Bitdefender say the so-called Trojan.MAC.RustDoor is likely linked to BlackCat/ALPHV. The newly discovered backdoor is written in the Rust programming language and impersonates an update for the Visual Studio code editor.
Bitdefender said in its advisory that there are multiple variants of the new backdoor, and that it has been in operation for at least three months.
The macOS malware gathers data from the Desktop and Documents folders, including user notes, then compresses the data into a ZIP archive and sends it to a command-and-control (C2) server.
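The collect, archive and upload sequence described above can be expressed as a per-process correlation rule for endpoint telemetry. The sketch below is an added example, not code from Bitdefender or from this article; the event schema, process names, paths, time window and the 203.0.113.10 documentation address are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample telemetry (not from the Bitdefender report). Each dict is
# one endpoint event; field names are assumptions made for this example.
SAMPLE_EVENTS = [
    {"t": 100, "pid": 411, "proc": "VisualStudioUpdater", "type": "file_read",
     "path": "/Users/alice/Desktop/plan.docx"},
    {"t": 101, "pid": 411, "proc": "VisualStudioUpdater", "type": "file_read",
     "path": "/Users/alice/Documents/notes.txt"},
    {"t": 105, "pid": 411, "proc": "VisualStudioUpdater", "type": "file_write",
     "path": "/private/tmp/out.zip"},
    {"t": 110, "pid": 411, "proc": "VisualStudioUpdater", "type": "net_connect",
     "dest": "203.0.113.10"},
    {"t": 120, "pid": 777, "proc": "Safari", "type": "net_connect",
     "dest": "198.51.100.7"},
    # Benign look-alike: user zips a folder locally, nothing leaves the host.
    {"t": 200, "pid": 502, "proc": "Archive Utility", "type": "file_read",
     "path": "/Users/alice/Documents/taxes.pdf"},
    {"t": 210, "pid": 502, "proc": "Archive Utility", "type": "file_write",
     "path": "/Users/alice/Documents/taxes.zip"},
    # Same sequence, but the connection comes long after the archive was made.
    {"t": 300, "pid": 600, "proc": "backupd", "type": "file_read",
     "path": "/Users/alice/Desktop/a.txt"},
    {"t": 320, "pid": 600, "proc": "backupd", "type": "file_write",
     "path": "/private/tmp/b.zip"},
    {"t": 4400, "pid": 600, "proc": "backupd", "type": "net_connect",
     "dest": "192.0.2.44"},
]

WATCHED = ("/Desktop/", "/Documents/")  # folders named in the article
WINDOW = 300  # assumed maximum seconds from first read to outbound connection

def find_collect_zip_send(events, window=WINDOW):
    """Flag processes that read user folders, write a .zip, then connect out."""
    state = defaultdict(lambda: {"read": None, "zip": None})
    hits = []
    for ev in sorted(events, key=lambda e: e["t"]):
        s, path = state[ev["pid"]], ev.get("path", "")
        if ev["type"] == "file_read" and path.startswith("/Users/") \
                and any(w in path for w in WATCHED):
            s["read"] = ev["t"] if s["read"] is None else s["read"]
        elif ev["type"] == "file_write" and path.lower().endswith(".zip") \
                and s["read"] is not None:
            s["zip"] = ev["t"] if s["zip"] is None else s["zip"]
        elif ev["type"] == "net_connect" and s["zip"] is not None:
            if ev["t"] - s["read"] <= window:
                hits.append({"pid": ev["pid"], "proc": ev["proc"], "dest": ev["dest"]})
            state[ev["pid"]] = {"read": None, "zip": None}  # start a new sequence
    return hits

if __name__ == "__main__":
    for hit in find_collect_zip_send(SAMPLE_EVENTS):
        print("suspicious collect-zip-send:", hit)
```

The time window and the lack of a process allowlist are the main tuning points: legitimate backup and sync tools follow the same sequence and need to be excluded by signer or path in a real deployment.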
“While the current information on Trojan.MAC.RustDoor is not enough to confidently attribute this campaign to a specific threat actor, artifacts and IoCs (indicators of compromise) suggest a possible relationship with the BlackBasta and (ALPHV/BlackCat) ransomware operators,” Bitdefender researcher Andrei Lapusneanu wrote in the company’s report. “Specifically, three out of the four command and control servers have been previously associated with ransomware campaigns targeting Windows clients.”
The researcher also noted that the ALPHV/BlackCat ransomware is likewise written in Rust. The BlackCat/ALPHV ransomware group has traditionally favored Windows targets such as Microsoft Exchange Services.