To steal user data, new CloudMensis spyware opens backdoors on Macs

In a well-planned sequence of attacks, unknown threat actors are utilising previously undetected malware to backdoor macOS systems and exfiltrate information. The new malware was discovered by ESET researchers in April 2022, who named it CloudMensis because it uses the public cloud storage services pCloud, Yandex Disk, and Dropbox for command-and-control (C2) communication. The capabilities of CloudMensis plainly show that its operators’ primary objective is to gather sensitive information from infected Macs using a variety of techniques. These include taking screenshots, exfiltrating documents and keystrokes, and listing email messages, attachments, and files stored on removable storage.

The malware supports dozens of commands, allowing its operators to perform a long list of actions on infected Macs, including:

  • Change values in the CloudMensis configuration: cloud storage providers and authentication tokens, file extensions deemed interesting, polling frequency of cloud storage, etc.

Based on ESET’s analysis, the attackers infected the first Mac with CloudMensis on February 4, 2022. Since then, they’ve only sporadically used the backdoor to target and compromise other Macs, hinting at the campaign’s highly targeted nature. The infection vector is also unknown, and the attackers’ Objective-C coding abilities also show they’re unfamiliar with the macOS platform. “We still do not know how CloudMensis is initially distributed and who the targets are,” ESET researcher Marc-Etienne Léveillé said.

“The general quality of the code and lack of obfuscation shows the authors may not be very familiar with Mac development and are not so advanced. Nonetheless, a lot of resources were put into making CloudMensis a powerful spying tool and a menace to potential targets.”

Sergiu Gatlan is a reporter who covered cybersecurity, technology, Apple, Google, and a few other topics at Softpedia for more than a decade.
