RustDoor malware compromises JAVS courtroom software installer
Malicious actors have compromised the installer for courtroom video recording software from Justice AV Solutions (JAVS) to deliver RustDoor malware.
The attack, identified as CVE-2024-4978, affects JAVS Viewer v8.3.7, used for managing courtroom recordings. Cybersecurity firm Rapid7 began investigating after finding a malicious executable, “fffmpeg.exe,” in the software’s Windows installation folder. This executable was traced to a binary downloaded from JAVS’s official site in March 2024, which was signed with an unexpected Authenticode signature from “Vanguard Tech Limited” instead of “Justice AV Solutions Inc.”
The compromised executable connects to a command-and-control server, executes obfuscated PowerShell scripts to bypass security measures, and downloads additional payloads disguised as a Google Chrome installer. These payloads aim to retrieve web browser credentials but were found to have bugs preventing proper execution.
RustDoor, a Rust-based backdoor malware, initially targeted macOS devices and later appeared in a Windows version called GateDoor, written in Golang. Both versions are distributed under the guise of legitimate updates and share communication endpoints. They are linked to the ransomware-as-a-service affiliate ShadowSyndicate.

JAVS confirmed the security issue, pulled the impacted version, reset passwords, and audited its systems. The company stated that no source code or certificates were compromised. Users are advised to verify the authenticity of JAVS software, check for indicators of compromise, and re-image infected endpoints.
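
One way to carry out the signer check described above on a Windows endpoint is sketched below. This is an added example, not code from JAVS or Rapid7. The signer names and the file name "fffmpeg.exe" come from the article; the install folder is passed in as -Path because the article does not give one, and the verdict labels are made up for this example.

```powershell
# Added example, not vendor or Rapid7 code. -Path is the Viewer install folder
# on the endpoint being checked (an assumption: the article gives no path).
param(
    [Parameter(Mandatory = $true)]
    [string]$Path
)

# Values taken from the article.
$expectedSigner   = 'Justice AV Solutions Inc'
$unexpectedSigner = 'Vanguard Tech Limited'
$suspectFileName  = 'fffmpeg.exe'

$findings = Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.dll', '.msi' } |
    ForEach-Object {
        $sig     = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

        # A "Valid" status alone proves nothing here: the trojanized installer
        # was signed, just by the wrong publisher. Check who signed it as well.
        $verdict = if ($_.Name -ieq $suspectFileName) { 'SUSPECT-NAME' }
        elseif ($subject -like "*$unexpectedSigner*")  { 'UNEXPECTED-SIGNER' }
        elseif ($sig.Status -ne 'Valid')               { 'NOT-VALIDLY-SIGNED' }
        elseif ($subject -notlike "*$expectedSigner*") { 'OTHER-SIGNER-REVIEW' }
        else                                           { 'OK' }

        [pscustomobject]@{
            Verdict = $verdict
            Status  = $sig.Status
            Signer  = $subject
            # Hash is included so it can be compared with published indicators.
            SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            File    = $_.FullName
        }
    }

# List every file that is not cleanly signed by the expected publisher.
$findings | Where-Object Verdict -ne 'OK' | Sort-Object Verdict | Format-List
```

Bundled third-party components signed by their own publishers will show up as OTHER-SIGNER-REVIEW; those need a manual look rather than being treated as compromise on their own.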