Security researchers at Bitdefender have likely linked the RustDoor malware to the BlackCat threat group. The malware was originally thought to be associated only with Windows. However, researchers have found a version that can infect macOS as well.

RustDoor gathers information from the Desktop and Documents locations and creates an archive, which it then sends to command and control servers.
The malware gets its name from its programming language, Rust (Trojan.MAC.RustDoor), and it impersonates an update for Visual Code editor. The researchers have found several variants of the malware, and it has been active for at least three months.

IOCs suggest there might be an association with the BlackBasta threat group; however, it's early on in the campaign. Three of the four command and control servers (C2C) have been linked to Windows-targeted campaigns in the past. Further research may suggest that the BlackCat group has associations linked to FIN7 (Carbon Spider), a Russian-speaking advanced persistent threat.

To help combat this as a user, it's a good idea to keep your systems updated to the latest and greatest patching, and only apply patches directly from Apple and Microsoft via their respective installers. With third-party updates, it's best to grab them directly from the developer’s website.

By Ghost40
