RustDoor has various commands to control compromised systems, exfiltrate data, and establish persistence, and it has been distributed under multiple names while remaining undetected for at least three months.
Some packages exfiltrate data via webhooks or file-sharing links, while others scan for sensitive files and directories. Users are advised to be cautious and watch for suspicious install scripts.