Scan result - POSITIVE!

Started by: David <David@example.net>
First post: 2025-02-11 10:15 +0000
Last post: 2025-02-11 20:47 +0000
Articles: 2 — 1 participant


#180186 — Scan result - POSITIVE!

From: David <David@example.net>
Date: 2025-02-11 10:15 +0000
Subject: Scan result - POSITIVE!
Message-ID: <m10maeFrtu9U1@mid.individual.net>

Here's a screenshot .....

https://i.ibb.co/twzPJxTy/Screenshot-2025-02-11-at-10-07-47.png

=

ChatGPT says ....

Trojan.OSX.RustAgent is a term that may refer to a category of macOS 
malware developed using the Rust programming language. One notable 
example is "RustDoor," a persistent macOS backdoor identified in early 
2024. RustDoor is distributed under various disguises, including as a 
Visual Studio update, and is capable of running on both Intel-based and 
Apple Silicon architectures. Its functionalities include executing 
arbitrary shell commands, uploading and downloading files, and 
establishing persistence through multiple methods such as modifying 
system files and creating LaunchAgents. The malware communicates with 
command and control servers to receive instructions and exfiltrate data. 
Notably, some infrastructure associated with RustDoor has been linked to 
the ALPHV/BlackCat ransomware group, though a definitive connection has 
not been established.

Another instance of Rust-based macOS malware is "RustBucket," which has 
been observed to masquerade as legitimate applications to deceive users. 
These malware variants highlight a growing trend of using the Rust 
programming language to develop cross-platform threats targeting macOS 
systems.

It's important to note that the term "Trojan.OSX.Agent" is a generic 
classification used by security vendors to identify macOS trojans with 
varying functionalities. For example, Kaspersky's definition of 
"Trojan.OSX.Agent.gen" describes it as a malicious program designed to 
electronically spy on the user's activities, such as intercepting 
keyboard input and taking screenshots.

Given the evolving nature of malware, it's crucial to keep macOS systems 
updated and employ reputable security solutions to detect and mitigate 
such threats.



#180193

From: David <David@example.net>
Date: 2025-02-11 20:47 +0000
Message-ID: <m11rbiF30ddU1@mid.individual.net>
In reply to: #180186

On 11/02/2025 10:15, David wrote:
> Here's a screenshot .....
> 
> https://i.ibb.co/twzPJxTy/Screenshot-2025-02-11-at-10-07-47.png

ASC post says this:-

https://i.ibb.co/tp51skhP/Screenshot-2025-02-11-at-18-35-01.png

HTH

-- 
David
