MacOS Targeted by New Backdoor Linked to ALPHV Ransomware

10 months ago 79
News Banner

Looking for an Interim or Fractional CTO to support your business?

Read more

1 Min Read

Door with directions to use the back door with arrow

Source: Medicimage Education via Alamy Stock Photo

Researchers have discovered a new backdoor targeting macOS that appears to have ties to an infamous ransomware family that historically targets Windows systems.

Researchers at Bitdefender say the so-called Trojan.MAC.RustDoor is likely linked to BlackCat/ALPHV. The newly discovered backdoor is written in Rust coding language and impersonates an update for Visual Studio code editor.

Bitdefender in its advisory said there have been multiple variants of the new backdoor, and that it has been in action for at least three months.

The macOS malware gathers data from the Desktop and Documents folders, along with user notes, and then compresses the information into a ZIP archive and sends it to a command-and-control (C2) server.

"While the current information on Trojan.MAC.RustDoor is not enough to confidently attribute this campaign to a specific threat actor, artifacts and IoCs (indicators of compromise) suggest a possible relationship with the BlackBasta and (ALPHV/BlackCat) ransomware operators," Bitedefender researcher Andrei Lapusneau wrote in the company's report. "Specifically, three out of the four command and control servers have been previously associated with ransomware campaigns targeting Windows clients."

The researcher also noted the ALPHV/BlackCat ransomware is likewise written in Rust. The BlackCat/ALPHV ransomware group traditionally has favored Windows targets such as Microsoft Exchange Services.

Read Entire Article