This new malware pretends to be a Visual Studio app update — then floods your device with malware and ransomware


A new malware strain has been found targeting macOS users and spreading as an update for a legitimate program. It aims to steal sensitive data, establish persistence on the compromised device and, ultimately, deploy ransomware.

Cybersecurity researchers at Bitdefender recently discovered the campaign, called RustDoor, and found the malware is written in the Rust programming language. It gives its operators a range of capabilities, including listing running processes, executing arbitrary shell commands, creating new directories, changing and removing existing ones, exfiltrating files, terminating other malware processes, and more.

It has been active since at least November 2023 and currently has multiple variants out there, suggesting active development.


BlackCat strikes again. Or does it?

The operators, whose identity has not yet been definitively confirmed, have been distributing the malware as an updater for Visual Studio for Mac, Microsoft’s integrated development environment (IDE) for macOS. The platform, according to media reports, reaches end-of-life on August 31 this year. The malware is delivered under many names, such as ‘zshrc2,’ ‘Previewers,’ ‘VisualStudioUpdater,’ ‘VisualStudioUpdater_Patch,’ ‘VisualStudioUpdating,’ ‘visualstudioupdate,’ and ‘DO_NOT_RUN_ChromeUpdates,’ Bitdefender says. This distribution method helps the malware stay under the radar of most cybersecurity solutions and researchers.

While it is capable of maintaining persistence and exfiltrating sensitive files from the target devices, the most disruptive activity is still ransomware deployment. Bitdefender’s researchers say the infrastructure used in these attacks is often used by affiliates of BlackCat (AKA ALPHV), but it is also used by other threat actors, so it is difficult to confirm the attackers’ identity just yet.


Cyberattacks against macOS users appear to have intensified this year. There have already been multiple reports, including one from SentinelOne stating that Apple cannot keep up with the pace at which hackers are developing macOS malware.

Via BleepingComputer
