Cybersecurity firm Bitdefender has uncovered a new macOS backdoor named RustDoor, believed to be connected to the ransomware families Black Basta and Alphv/BlackCat. RustDoor, written in Rust programming language, masquerades as Visual Studio and has been circulating since November 2023, remaining undetected for about three months. Bitdefender identified several variants of RustDoor, sharing backdoor functionality but with minor differences. These variants support commands for file harvesting, exfiltration, and machine details collection, with the data sent to a command-and-control server to generate a victim ID. RustDoor’s configurations allow it to impersonate different applications and include options for data collection specifications, persistence mechanisms, and spoofed administrator password dialogs. The backdoor references C&C servers associated with previous ransomware campaigns by Black Basta and Alphv/BlackCat, indicating potential ties to these threat actors.
Read more: https://www.securityweek.com/new-macos-backdoor-linked-to-prominent-ransomware-groups/