Geeks for your information

Full Version: RustDoor malware targets macOS users by posing as a Visual Studio Update
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Quote:A new malware called RustDoor is targeting macOS users. The malware has been undetected for 3 months, and poses as a Microsoft Visual studio Update.

The malware was discovered by Bitdefender. A report by the popular antivirus maker says that RustDoor, is written in the Rust programming language. Bitdefender products identify the malware as Trojan.MAC.RustDoor.

RustDoor was first discovered in November 2023. Bitdefender says that the malware is still making rounds on the internet, the latest sample was spotted on February 2nd, 2024. The RustDoor malware impersonates a Visual Studio Update, to trick the user to download it. The fake update contains FAT binaries with Mach-0 files that can affect both Intel based Macs and Apple Silicon Macs. But the files do not have other parents like Application Bundles, Disk Images, possibly to remain hidden from the user.

The samples were identified by the following names: zshrc2, Previewers, VisualStudioUpdater, VisualStudioUpdater_Patch, VisualStudioUpdating, visualstudioupdate and DO_NOT_RUN_ChromeUpdates.

Fake updates are not a new technique, attackers have used such tricks in the past to infect Windows users. Over the past couple of years, they have also begun targeting Mac users with sophisticated methods. In fact, a similar trick was used to distribute the Atomic Stealer malware on macOS, which was delivered via fake browser updates. The unsuspecting user might believe it to be a genuine update for their browser, and the malware infects their computer.
...
Continue Reading