New Backdoor targeting Apple MacOS (RustDoor)

New Backdoor targeting Apple MacOS (RustDoor) - Terminal Brew
User 3301

A new backdoor targeting MacOS users has been identified. The backdoor is Rust-based and has been operating undetected since as early as November 2023.

The backdoor has been identified impersonating Visual Studio updates.

The method of initial access is still unknown, but the malware is said to be distributed as FAT binaries containing Mach-O files. It appears to be in active development, as variants with minor modifications have been identified.
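For triage of a suspect sample, the FAT container mentioned above can be split into its per-architecture Mach-O slices. This is an added example, not code from the original post or from any vendor report; it assumes the FAT header layout from Apple's `<mach-o/fat.h>`, and the sample bytes are constructed for the demo, not taken from malware.

```python
import struct

FAT_MAGIC, FAT_MAGIC_64 = 0xCAFEBABE, 0xCAFEBABF
# Thin Mach-O magics as seen when the first 4 bytes are read big-endian.
MACHO_MAGICS = {0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE}
CPU_NAMES = {0x00000007: "i386", 0x01000007: "x86_64",
             0x0000000C: "arm", 0x0100000C: "arm64"}

def list_fat_slices(data):
    """Return [(arch, offset, size, is_macho)] for a FAT binary, else []."""
    if len(data) < 8:
        return []
    magic, nfat = struct.unpack_from(">II", data, 0)  # FAT headers are big-endian
    if magic not in (FAT_MAGIC, FAT_MAGIC_64):
        return []
    # fat_arch is 20 bytes; fat_arch_64 widens offset/size and adds a reserved word.
    fmt = ">IIQQII" if magic == FAT_MAGIC_64 else ">IIIII"
    step = struct.calcsize(fmt)
    if 8 + nfat * step > len(data):
        return []  # table does not fit, e.g. a Java class file (same 0xCAFEBABE magic)
    slices = []
    for i in range(nfat):
        cputype, _sub, offset, size = struct.unpack_from(fmt, data, 8 + i * step)[:4]
        in_bounds = size >= 4 and offset + size <= len(data)
        # A slice is only trusted if it really starts with a Mach-O magic.
        is_macho = in_bounds and struct.unpack_from(">I", data, offset)[0] in MACHO_MAGICS
        slices.append((CPU_NAMES.get(cputype, hex(cputype)), offset, size, is_macho))
    return slices

def build_sample():
    """Constructed two-slice FAT binary with 32-byte stub slices (not real malware)."""
    thin = struct.pack("<I", 0xFEEDFACF) + b"\x00" * 28  # 64-bit little-endian Mach-O magic
    header = struct.pack(">II", FAT_MAGIC, 2)
    header += struct.pack(">IIIII", 0x01000007, 3, 64, len(thin), 0)  # x86_64 slice
    header += struct.pack(">IIIII", 0x0100000C, 0, 96, len(thin), 0)  # arm64 slice
    return header.ljust(64, b"\x00") + thin + thin

if __name__ == "__main__":
    for arch, offset, size, ok in list_fat_slices(build_sample()):
        print(f"{arch:8} offset={offset:<6} size={size:<6} mach-o={ok}")
```

Each slice reported with `is_macho` set can be carved out at its offset and hashed or scanned on its own, since detections written for one architecture may not match the other.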

The malware is capable of gathering information about endpoints and uploading additional data.

Once the information is gathered, it is sent to command-and-control (C2) servers.

Additional reporting about the malware claims it may be linked to other prominent malware families due to overlapping C2 infrastructure.

Read more at:
