MacOS Targeted by New Backdoor Linked to ALPHV Ransomware

Published: 23/11/2024   Category: security




macOS data exfiltration malware poses as an update for Visual Studio code editor.



Researchers have discovered a new backdoor targeting macOS that appears to have ties to an infamous ransomware family that historically targets Windows systems.
Researchers at Bitdefender say the so-called Trojan.MAC.RustDoor is likely linked to BlackCat/ALPHV. The newly discovered backdoor is written in the Rust programming language and impersonates an update for the Visual Studio code editor.
Bitdefender said in its advisory that there have been multiple variants of the new backdoor, and that it has been in action for at least three months.
The macOS malware gathers data from the Desktop and Documents folders, along with user notes, and then compresses the information into a ZIP archive and sends it to a command-and-control (C2) server.
"While the current information on Trojan.MAC.RustDoor is not enough to confidently attribute this campaign to a specific threat actor, artifacts and IoCs (indicators of compromise) suggest a possible relationship with the BlackBasta and (ALPHV/BlackCat) ransomware operators," Bitdefender researcher Andrei Lapusneau wrote in the company's report. "Specifically, three out of the four command and control servers have been previously associated with ransomware campaigns targeting Windows clients."
The researcher also noted the ALPHV/BlackCat ransomware is likewise written in Rust. The BlackCat/ALPHV ransomware group traditionally has favored Windows targets such as Microsoft Exchange Services.
