Why Mac Users Should Be Careful With CloudMensis Spyware
Security researchers at ESET discovered a previously unknown macOS backdoor that tracks users of compromised Macs. The spyware is called CloudMensis and, according to the researchers, uses public cloud storage services to communicate back and forth with its operators.
How dangerous is CloudMensis for Mac users?
Hackers can gather information from a victim’s Mac by stealing documents and keystrokes, enumerating emails and attachments, enumerating files from removable storage, and taking screenshots. Once CloudMensis has access to the Mac and administrative privileges, it runs its early-stage malware to retrieve a “more feature-rich second stage from the cloud storage service.”
In the next stage, attackers can access documents, screenshots, email attachments, and other sensitive data.
However, ESET security researchers have said that the distribution of this spyware is quite limited. “There were no undisclosed (no date) vulnerabilities used by this team during our research,” the ESET researchers said. Even so, the researchers say that keeping your Mac’s software up to date can help keep spyware at bay.
“We still don’t know how CloudMensis was initially distributed and who the target was. The general quality of the code and the lack of obfuscation suggest that the authors may not be very familiar with Mac development and not too advanced. However, a lot of resources have been put into making CloudMensis a powerful spy tool and a threat to potential targets,” explained ESET researcher Marc-Etienne Léveillé, who analyzed CloudMensis.