CloudMensis Malware Leverages Cloud Storage to Steal Documents and Spy on Mac Users

malware
malware Unsplash/Ed Hardie

On Wednesday, July 20, cybersecurity firm ESET revealed that it had discovered a previously unknown macOS malware that goes after the user's cloud storage to spy on them.

macOS Malware Discovered

According to 9to5Mac, the malware called CloudMensis is a macOS backdoor that can exfiltrate documents, keystrokes, screen captures, and other data from compromised Mac devices. The malware can also list email messages and attachments, and files from removable storage.

CloudMensis also reportedly uses publicly available cloud storage systems like Yandex Disk, pCloud, and Dropbox to communicate with the operators. The malware also uses the names of months as its directory names.

According to the researchers at the cybersecurity firm, the first Mac that was compromised by the malware was attacked in February. That suggests that the malware is a recent entry into the ecosystem of the Mac device.

The malware has limited distribution, though, which means that it has more targeted operations, with researchers stating that the malware operators are picking targets that they find interesting.

At this point, the malware does not appear to use zero-day vulnerabilities. Instead, it uses other flaws to bypass macOS mitigations. Because of that, an updated Mac should be relatively safe from malware.

Once the malware achieves code execution and administrative privileges, it runs a different malware that gets a feature-rich second stage.

That second stage has 39 surveillance commands designed to collect information from compromised devices, according to Bleeping Computer.

According to Apple Insider, it is still not clear how CloudMensis is distributed and who its targets are.

Researcher Marc-Etienne Leveille said that the quality of the code and the lack of obfuscation shows the authors may not be familiar with Mac development and are not advanced.

A lot of resources were put into making the malware a powerful spying tool and a menace to potential targets.

How to Protect Yourself

Because the malware appears to be a targeted campaign much like Pegasus, most Mac users are safe from it. As noted by the cybersecurity firm ESET, keeping a Mac updated is also effective mitigation against the attack.

It is also better to download apps from sources that you can trust, like Mac App Store.

You can also install anti-virus and anti-spyware programs to scan your computer files, identify malware, and remove them.

It is also best to keep your security tools updated and audit your files for any missing data, errors, and any unauthorized additions.

You will also need a strong password with at least eight characters, including an uppercase and lowercase letter, a number, and a symbol.

Make sure you enable multi-factor authentication like PIN or security questions and use biometric tools like voiceprints, fingerprints, and facial recognition.

Do not save your passwords on a computer or network. Make sure that you use a password manager.

Malware usually has the same privileges as the user, so non-administrator accounts are blocked from accessing the sensitive parts of a computer or network system.

Ensure you avoid using administrative privileges to surf the web or check your email and log in as an administrator only when you have administrative tasks.

Related Article: Xloader Malware That Originated on Windows is Now on macOS

This article is owned by Tech Times

Written by Sophie Webster

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics