Researchers have discovered a new backdoor targeting macOS that appears to have ties to a notorious ransomware family that historically targets Windows systems.
Bitdefender researchers say that the so-called Trojan.MAC.RustDoor is likely linked to BlackCat/ALPHV. The newly discovered backdoor is written in the Rust programming language and poses as an update to the Visual Studio code editor.
Bitdefender said in its advisory that there have been multiple variants of the new backdoor and that it has been active for at least three months.
The macOS malware collects data from the Desktop and Documents folders, along with user notes, then compresses the information into a ZIP archive and sends it to a command-and-control (C2) server.
“While current information on Trojan.MAC.RustDoor is insufficient to confidently attribute this campaign to a specific threat actor, artifacts and IoCs (indicators of compromise) suggest a possible relationship with the BlackBasta and (ALPHV/BlackCat) ransomware operators,” Bitdefender researcher Andrei Lapusneanu wrote in the company’s report. “Specifically, three of the four command and control servers have previously been associated with ransomware campaigns targeting Windows clients.”
The researcher also noted that the ALPHV/BlackCat ransomware is written in Rust as well. The BlackCat/ALPHV ransomware group has traditionally favored Windows targets such as Microsoft Exchange Services.