To steal user data, the new CloudMensis spyware opens backdoors on Macs

Share This Post

Russia fines Google $358 million for not removing banned info These include screenshots, exfiltration of documents and keystrokes, as well as listing email messages, attachments, and files stored from removable storage. The malware comes with support for dozens of commands, allowing its operators to perform a long list of actions on infected Macs, including: Change values in the CloudMensis configuration: cloud storage providers and authentication tokens, file extensions deemed interesting, polling frequency of cloud storage, etc.

In a well planned sequence of attacks, unknown threat actors are utilising previously undetected malware to backdoor macOS systems and exfiltrate information. The new malware was discovered by ESET researchers in April 2022, and they gave it the moniker CloudMensis because it makes use of the public cloud storage services pCloud, Yandex Disk, and Dropbox for command-and-control (C2) communication. The skills of CloudMensis plainly demonstrate that its operators’ primary objective is to gather sensitive information from infected Macs using a variety of techniques.


  • “The general quality of the code and lack of obfuscation shows the authors may not be very familiar with Mac development and are not so advanced. “Nonetheless, a lot of resources were put into making CloudMensis a powerful spying tool and a menace to potential targets.” Sergiu Gatlan is a reporter who covered cybersecurity, technology, Apple, Google, and a few other topics at Softpedia for more than a decade. Email or Twitter DMs for tips.

  • Based on ESET’s analysis, the attackers infected the first Mac with CloudMensis on February 4, 2022. Since then, they’ve only sporadically used the backdoor to target and compromise other Macs, hinting at the campaign’s highly targeted nature. The infection vector is also unknown, and the attackers’ Objective-C coding abilities also show they’re unfamiliar with the macOS platform. “We still do not know how CloudMensis is initially distributed and who the targets are,” ESET researcher Marc-Etienne Léveillé said.


Related Posts

Apple Patents Upgraded luxury design

According to the patent, the design would give “a...

This is the reason Apple delayed the Telegram App Store update for two weeks

On Friday, according to Engadget, Durov wrote a new...

This is what the iPhone It will most likely be similar to 14 Pro running iOS 16

Created by Graphic Designer AR7 and shared on Twitter,...