Malware is actively being used to collect personal data from Mac computers. Security researchers say the CloudMensis spyware could allow an attacker to download files, intercept keystrokes, take screenshots, and more.

Cybersecurity firm ESET reports that the spyware has been in active use since February and appears to be targeting specific people…

Tom’s Guide reports:

A previously unknown macOS backdoor has been discovered that is currently being actively used to spy on users of compromised Macs.

The new malware, first discovered by researchers at cybersecurity company ESET, has been dubbed CloudMensis. Its capabilities show that its creators designed it to collect information from victims’ Macs: according to ESET, the malware can exfiltrate documents and keystrokes, list emails and attachments, list files on removable media, and take screenshots.

While CloudMensis is certainly a threat to Mac users, its extremely limited distribution suggests that it is intended to be used as part of a targeted operation. From what ESET researchers have observed so far, the cybercriminals responsible are deploying the malware only to the specific users they are interested in.

“We still don’t know how CloudMensis is initially distributed and who the target is. The overall quality of the code and lack of obfuscation shows that the authors may not be very familiar with Mac development and not that advanced. However, a lot of resources have gone into making CloudMensis a powerful spy tool and a threat to potential targets.”

Malware usually calls home to receive commands and download additional components, which typically means connecting to a private server controlled by the attacker. CloudMensis is unusual in that it is operated through cloud storage services instead.

According to ESET, after gaining code execution and administrator privileges on a compromised Mac, the attackers run a first-stage component that downloads a second stage with additional features from a cloud storage service.

The second stage is a much larger component with features for collecting information from the compromised Mac. It currently supports 39 commands, and this stage of CloudMensis is designed to extract documents, screenshots, email attachments, and other information from victims.

CloudMensis uses cloud storage both to receive commands from its operators and to retrieve files. It currently supports three different providers: pCloud, Yandex Disk, and Dropbox.

It’s not clear how the malware can bypass macOS protections, as ESET says it doesn’t exploit any undisclosed vulnerabilities.

A look at CloudMensis

The fact that the spyware appears to be used in a targeted manner means that most Mac owners do not have to worry about falling victim to it. However, it is a concern that CloudMensis can bypass security measures in macOS without exploiting a zero-day vulnerability.

It’s always worth taking some simple cybersecurity precautions. In particular, never open attachments you don’t expect, even if they appear to be from a known contact, and only download software from the Mac App Store or developer websites you trust.

The post CloudMensis spyware is actively used to steal data from Mac computers appeared first on Gamingsym.