A new malware threat has emerged, targeting macOS systems by posing as a Visual Studio update. The malware, known as RustDoor, is a backdoor access tool designed to compromise systems. Researchers at cybersecurity company Bitdefender have been tracking this malicious software, which is written in Rust and capable of running on both Intel-based (x86_64) and ARM (Apple Silicon) architectures.

The campaign delivering the backdoor has been active since at least November 2023 and continues to distribute newer variants of the malware. Bitdefender’s analysis revealed that the malware communicates with four command and control (C2) servers, three of which have been associated with ransomware attacks potentially linked to the ALPHV/BlackCat affiliate.

While the evidence is not sufficient to definitively link RustDoor to a specific threat actor, indicators of compromise suggest a possible connection with the BlackBasta and ALPHV/BlackCat ransomware operators. It is common for multiple threat actors to utilize the same servers for attacks due to restrictions on hosting services that condone illegal activity.

Although there are existing encryptors for macOS systems, there have been no public reports of ransomware attacks targeting Apple’s operating system at this time. While most ransomware operations typically target Windows and Linux systems, the emergence of RustDoor raises concerns about potential threats to macOS users.