Why Mac users should be careful about CloudMensis spyware


Apple recently announced a new Lockdown Mode that will help keep spyware away from iPhones, iPads and Mac devices. However, Lockdown Mode will come with iOS 16, iPadOS 16 and macOS Ventura. While Lockdown Mode may thwart spyware, existing Mac users should be worried about a new piece of spyware doing the rounds.
Security researchers at ESET have discovered a previously unknown macOS backdoor that spies on users of compromised Macs. The spyware is called CloudMensis and, according to the researchers, it uses public cloud storage services to communicate back and forth with its operators.


How is CloudMensis dangerous for Mac users?

Hackers can gather information from victims’ Macs by exfiltrating documents and keystrokes, listing email messages and attachments, listing files from removable storage, and taking screen captures. Once CloudMensis gains access to a Mac and administrative privileges on it, it runs a first-stage malware that retrieves a more “featureful second stage from a cloud storage service.”
In the next stage, attackers can access documents, screenshots, email attachments, and other sensitive data.
ESET security researchers, however, have said that the distribution of the spyware is rather limited right now. As of now, “no undisclosed vulnerabilities (zero days) were found to be used by this group during our research,” said ESET researchers. The researchers added that keeping your Mac's software up to date can help keep the spyware at bay.
“We still do not know how CloudMensis is initially distributed and who the targets are. The general quality of the code and lack of obfuscation shows the authors may not be very familiar with Mac development and are not so advanced. Nonetheless, a lot of resources were put into making CloudMensis a powerful spying tool and a menace to potential targets,” explained ESET researcher Marc-Etienne Léveillé, who analysed CloudMensis.
