Security researchers have spotted new macOS malware that might be tied to ransomware hackers. Antivirus provider Bitdefender uncovered the malware posing as an update for Visual Studio, a Microsoft coding program set to retire on macOS in August.
The malware has probably been active for the past three months, Bitdefender says, citing a sample that appeared on Nov. 22. If a user installs the malware, it’ll establish a backdoor the hackers can use to hijack and spy on the Mac. This can include running commands to secretly download and upload files.
The malicious program can target both Intel- and Arm-based Macs. The malware is also written in Rust, a newer programming language that can make it harder for security researchers to detect malicious code, Bitdefender says. But perhaps the most interesting find is that the malware was spotted communicating with servers previously connected to ransomware campaigns from two groups: ALPHV/Blackcat and BlackBasta.
“Specifically, three out of the four command and control servers have been previously associated with ransomware campaigns targeting Windows clients,” according to Bitdefender, which also notes that ALPHV has been launching ransomware attacks using Rust.
Still, Bitdefender says the evidence isn’t enough to confidently pin the malware on a ransomware gang. But it wouldn’t be the first time security researchers have spotted ransomware hackers possibly targeting macOS. Last year, evidence emerged that the Lockbit gang was testing a Mac-based ransomware attack.
To stay safe, it’s best to avoid downloading anything from shady third-party sites or software piracy destinations. Bitdefender’s report adds that several non-Microsoft domains, such as “http://linksammosupply[.]com/VisualStudioUpdater,” were circulating the malware.