Technology

This new malware pretends to be a Visual Studio app update — then floods your device with malware and ransomware

February 12, 2024

A new malware has been found targeting macOS users and spreading as an update for a legitimate program, as it looks to steal people’s sensitive data, establish persistence on the vulnerable device and, ultimately, deploy ransomware.

Cybersecurity researchers Bitdefender recently discovered the campaign, called RustDoor, and found it was built on the Rust programming language, granting its operators a number of possibilities, including listing running processes, executing arbitrary shell commands, creating new directories, changing and removing existing ones, exfiltrating files, terminating other malware processes, and more.

It has been active since at least November 2023 and currently has multiple variants out there, suggesting active development.

BlackCat strikes again. Or does it?

The operators, whose identity has not yet been definitely confirmed, have been distributing the malware as an updater for Visual Studio for Mac – Microsoft’s integrated development environment (IDE) for macOS. The platform, the media are saying, is approaching end-of-life on August 31 this year. The malware is delivered under many names, such as ‘zshrc2,’ ‘Previewers,’ ‘VisualStudioUpdater,’ ‘VisualStudioUpdater_Patch,’ ‘VisualStudioUpdating,’ ‘visualstudioupdate,’ and ‘DO_NOT_RUN_ChromeUpdates’, Bitdefender says. This distribution method helps the malware stay under the radar of most cybersecurity solutions and researchers out there.

While it is capable of maintaining persistence and exfiltrating sensitive files from the target devices, the most disruptive activity is still ransomware deployment. Bitdefender’s researchers are saying that the infrastructure used in these attacks is often used by affiliates of BlackCat (AKA ALHPV), but it is also used by other threat actors as well, so it’s difficult to confirm the attackers’ identity just yet.

It seems that cyberattacks against macOS users have intensified this year. So far, we’ve already had multiple reports, including one from SentinelOne which states that Apple can’t keep up with the pace at which hackers are developing macOS malware.

Via BleepingComputer

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

LEAVE A REPLY Cancel reply

EDITOR PICKS

POPULAR POSTS

QUICK LINKS

ABOUT US

FOLLOW US

Cookie bar