Researchers at Elastic Security Labs have uncovered an updated version of the macOS malware called Rustbucket. The malware is present in a third-party PDF reader application being distributed by phishing emails and social networks such as LinkedIn.
The third-party PDF reader application functions normally until a weaponized PDF file is opened. At that point, the rogue application contacts a command-and-control server for instructions, which include downloading additional malware designed to gather extensive information and establish a backdoor on the computer.
It appears the same group is now working on a version of the attack for Windows as well.
Takeaways:
Use the PDF reader that ships with your computer or install the free Adobe Reader.
Installing software based on a link in an email or social media post is rarely a good idea.
Definitions:
Command and control (C&C) server - a centralized server used to send commands to and receive data from compromised computers or devices. Such servers are typically used in botnets and other types of malware attacks. The C&C server allows the attacker to remotely control the infected devices, collect information, and carry out malicious activities.
Computer backdoor - a hidden entry point in a computer system that allows unauthorized access and control. It is typically created by malicious actors to gain unauthorized access to a system, bypass security measures, and perform various malicious activities.
Botnet - a network of internet-connected devices that have been infected with malware and can be controlled remotely by a cybercriminal. These devices, which can include computers, smartphones, and IoT devices, are used to carry out various malicious activities, such as DDoS attacks, spam campaigns, and data theft.
Sources: Elastic Security Labs, The Hacker News