MacOS Targeted by New Backdoor Linked to ALPHV Ransomware

  /     /     /  
Publicated : 23/11/2024   Category : security

MacOS Targeted by New Backdoor Linked to ALPHV Ransomware


macOS data exfiltration malware poses as an update for Visual Studio code editor.


Researchers have discovered a new backdoor targeting macOS that appears to have ties to an infamous ransomware family that historically targets Windows systems.
Researchers at Bitdefender say the so-called Trojan.MAC.RustDoor is likely linked to BlackCat/ALPHV. The newly discovered backdoor is written in Rust coding language and impersonates an update for Visual Studio code editor.
Bitdefender in its
advisory
said there have been multiple variants of the new backdoor, and that it has been in action for at least three months.
The macOS malware gathers data from the Desktop and Documents folders, along with user notes, and then compresses the information into a ZIP archive and sends it to a command-and-control (C2) server.
While the current information on Trojan.MAC.RustDoor is not enough to confidently attribute this campaign to a specific threat actor, artifacts and IoCs (indicators of compromise) suggest a possible relationship with the BlackBasta and (ALPHV/BlackCat) ransomware operators, Bitedefender researcher Andrei Lapusneau wrote in the companys report. Specifically, three out of the four command and control servers have been previously associated with ransomware campaigns targeting Windows clients.
The researcher also noted the ALPHV/BlackCat ransomware is likewise written in Rust. The
BlackCat/ALPHV ransomware group
traditionally has favored Windows targets such as Microsoft Exchange Services.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
MacOS Targeted by New Backdoor Linked to ALPHV Ransomware