The malware was discovered by Bitdefender. A report by the popular antivirus maker says that RustDoor is written in the Rust programming language. Bitdefender products identify the malware as. RustDoor was first discovered in November 2023. Bitdefender says that the malware is still making the rounds on the internet; the latest sample was spotted on February 2nd, 2024.

The RustDoor malware impersonates a Visual Studio update to trick the user into downloading it. The fake update contains FAT binaries with Mach-O files that can affect both Intel-based Macs and Apple Silicon Macs. But the files do not have other parents like Application Bundles or Disk Images, possibly to remain hidden from the user. The samples were identified by the following names: zshrc2, Previewers, VisualStudioUpdater, VisualStudioUpdater_Patch, VisualStudioUpdating, visualstudioupdate and DO_NOT_RUN_ChromeUpdates.

Fake updates are not a new technique; attackers have used such tricks in the past to infect Windows users. Over the past couple of years, they have also begun targeting Mac users with sophisticated methods. In fact, a similar trick was used to distribute the Atomic Stealer malware on macOS, which was delivered via fake browser updates. The unsuspecting user might believe it to be a genuine update for their browser, and the malware infects their computer.

RustDoor malware's Capabilities

Bitdefender says that multiple variants of RustDoor exist, and that they share some functionalities. The malware is able to persist and employs sandbox evasion techniques to bypass macOS' security.