This new malware pretends to be a Visual Studio app update — then floods your device with malware and ransomware

Red padlock open on electric circuits network dark red background
(Image credit: Shutterstock/Chor muang)

A new malware has been found targeting macOS users and spreading as an update for a legitimate program, as it looks to steal people’s sensitive data, establish persistence on the vulnerable device and, ultimately, deploy ransomware

Cybersecurity researchers Bitdefender recently discovered the campaign, called RustDoor, and found it was built on the Rust programming language, granting its operators a number of possibilities, including listing running processes, executing arbitrary shell commands, creating new directories, changing and removing existing ones, exfiltrating files, terminating other malware processes, and more. 

It has been active since at least November 2023 and currently has multiple variants out there, suggesting active development.

BlackCat strikes again. Or does it?

The operators, whose identity has not yet been definitely confirmed, have been distributing the malware as an updater for Visual Studio for Mac - Microsoft’s integrated development environment (IDE) for macOS. The platform, the media are saying, is approaching end-of-life on August 31 this year. The malware is delivered under many names, such as 'zshrc2,' 'Previewers,' 'VisualStudioUpdater,' 'VisualStudioUpdater_Patch,' 'VisualStudioUpdating,' 'visualstudioupdate,' and 'DO_NOT_RUN_ChromeUpdates', Bitdefender says. This distribution method helps the malware stay under the radar of most cybersecurity solutions and researchers out there. 

While it is capable of maintaining persistence and exfiltrating sensitive files from the target devices, the most disruptive activity is still ransomware deployment. Bitdefender’s researchers are saying that the infrastructure used in these attacks is often used by affiliates of BlackCat (AKA ALHPV), but it is also used by other threat actors as well, so it’s difficult to confirm the attackers’ identity just yet. 

It seems that cyberattacks against macOS users have intensified this year. So far, we’ve already had multiple reports, including one from SentinelOne which states that Apple can’t keep up with the pace at which hackers are developing macOS malware.

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.