SentinelOne Demo: SentinelOne VS RustDoor macOS Infostealer – Detection and Mitigation

In this video demonstration see how the SentinelOne Singularity XDR Platform protects against RustDoor, a sophisticated macOS backdoor threat that emerged in mid-2023. Sharing some degree of code overlap with Atomic Stealer (AMOS), RustDoor is a Rust-based macOS trojan that targets both Intel and ARM-based Macs. The infostealer disguises itself as updates for widely-used applications such as Microsoft Visual Studio, Microsoft Office for Mac, and Google Chrome updates.

RustDoor backdoor payloads are downloaded after victims are enticed into launching maliciously-crafted shell scripts. These scripts will download and launch the RustDoor backdoor, as well as display a dummy file (PDF) to potentially distract the targeted user from the underlying attack.

RustDoor payloads contain embedded AppleScripts, which aid in the discovery, bundling, and exfiltration of data. Persistence is achieved through multiple methods including cron jobs and .plist creation.

There is intelligence that suggests that RustDoor backdoors are being used by large-scale ransomware options including ALPHV.

~Subscribe to our channels:~
Website: https://www.sentinelone.com/
LinkedIn: https://www.linkedin.com/company/sentinelone/
Twitter: https://twitter.com/SentinelOne
Facebook: https://www.facebook.com/SentinelOne
Instagram: https://www.instagram.com/sentinelsec/
Threads: https://www.threads.net/@sentinelsec