{"id":2504,"date":"2024-02-09T21:48:11","date_gmt":"2024-02-09T21:48:11","guid":{"rendered":"https:\/\/www.darkreading.com\/threat-intelligence\/macos-targeted-by-new-backdoor-linked-to-alphv-ransomware"},"modified":"2024-02-09T21:48:11","modified_gmt":"2024-02-09T21:48:11","slug":"macos-targeted-by-new-backdoor-linked-to-alphv-ransomware","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/02\/09\/macos-targeted-by-new-backdoor-linked-to-alphv-ransomware\/","title":{"rendered":"MacOS Targeted by New Backdoor Linked to ALPHV Ransomware"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blt1dcc628acac13009\/65c691d56bbc7a040a359ab3\/back_door_Medicimage_Education_Alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/macos-targeted-by-new-backdoor-linked-to-alphv-ransomware.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/macos-targeted-by-new-backdoor-linked-to-alphv-ransomware.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Researchers have discovered a new backdoor targeting macOS that appears to have ties to an infamous ransomware family that historically targets Windows systems.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Researchers at Bitdefender say the so-called Trojan.MAC.RustDoor is likely linked to BlackCat\/ALPHV. The newly discovered backdoor is written in Rust coding language and impersonates an update for Visual Studio code editor.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Bitdefender in its <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.bitdefender.com\/blog\/labs\/new-macos-backdoor-written-in-rust-shows-possible-link-with-windows-ransomware-group\/\" target=\"_blank\" rel=\"sponsored noopener\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\">advisory<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> said there have been multiple variants of the new backdoor, and that it has been in action for at least three months.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The macOS malware gathers data from the Desktop and Documents folders, along with user notes, and then compresses the information into a ZIP archive and sends it to a command-and-control (C2) server.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;While the current information on&nbsp;Trojan.MAC.RustDoor&nbsp;is not enough to confidently attribute this campaign to a specific threat actor, artifacts and IoCs (indicators of compromise) suggest a possible relationship with the BlackBasta and (ALPHV\/BlackCat) ransomware operators,&#8221; Bitedefender researcher Andrei Lapusneau wrote in the company&#8217;s report. &#8220;Specifically, three out of the four command and control servers&nbsp;have been previously associated&nbsp;with ransomware campaigns targeting Windows clients.&#8221;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The researcher also noted the ALPHV\/BlackCat ransomware is likewise written in Rust. The <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/everything-you-need-to-know-about-blackcat-alphav-\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">BlackCat\/ALPHV ransomware group<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> traditionally has favored Windows targets such as Microsoft Exchange Services.<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/threat-intelligence\/macos-targeted-by-new-backdoor-linked-to-alphv-ransomware\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers have discovered a new backdoor targeting macOS that appears<\/p>\n","protected":false},"author":12,"featured_media":2505,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-2504","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/macos-targeted-by-new-backdoor-linked-to-alphv-ransomware-scaled.jpg?fit=2560%2C1700&ssl=1",2560,1700,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/macos-targeted-by-new-backdoor-linked-to-alphv-ransomware-scaled.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/macos-targeted-by-new-backdoor-linked-to-alphv-ransomware-scaled.jpg?fit=300%2C199&ssl=1",300,199,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/macos-targeted-by-new-backdoor-linked-to-alphv-ransomware-scaled.jpg?fit=640%2C425&ssl=1",640,425,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/macos-targeted-by-new-backdoor-linked-to-alphv-ransomware-scaled.jpg?fit=640%2C425&ssl=1",640,425,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/macos-targeted-by-new-backdoor-linked-to-alphv-ransomware-scaled.jpg?fit=1536%2C1020&ssl=1",1536,1020,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/macos-targeted-by-new-backdoor-linked-to-alphv-ransomware-scaled.jpg?fit=2048%2C1360&ssl=1",2048,1360,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/macos-targeted-by-new-backdoor-linked-to-alphv-ransomware-scaled.jpg?fit=1024%2C680&ssl=1",1024,680,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/macos-targeted-by-new-backdoor-linked-to-alphv-ransomware-scaled.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/macos-targeted-by-new-backdoor-linked-to-alphv-ransomware-scaled.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/02\/macos-targeted-by-new-backdoor-linked-to-alphv-ransomware-scaled.jpg?fit=2560%2C1700&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2504","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2504"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2504\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/2505"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}