Three command-and-control servers previously linked to the ALPHV/BlackCat and Black Basta ransomware operations have been leveraged to support the novel Rust-based RustDoor backdoor, which has spoofed Visual Studio to facilitate compromise and file exfiltration on macOS devices since November, according to SecurityWeek.
Bitdefender researchers discovered three variants of the RustDoor malware; the latest version features a complicated JSON configuration, larger files, and an AppleScript that exfiltrates documents from certain folders, copying them to a hidden folder and compressing them before delivery to the C2 server. Further examination of the malware's configuration file revealed four persistence mechanisms and the capability to spoof various apps.
"Some configurations also include specific instructions about what data to collect, such as the maximum size and maximum number of files, as well as lists of targeted extensions and directories, or directories to exclude," said researchers.