A new malware affecting Macs has been discovered by security researchers at ESETwho have named it Cloudmensis.
The malware is a Trojan that opens a backdoor to the computer and spies on the user by uploading documents and other files to the developers. Instead of its own control servers, which is common, Cloudmensis uploads the files to different cloud services: Pcloud, Yandex Disk and Dropbox.
In addition to exfiltrating files, Cloudmensis can record keystrokes, save screenshots and record the screen, among other things. In total, the malware has 39 commands.
ESET has found Cloudmensis on a few Macs and hypothesizes that those who have developed it so far have chosen to use it in targeted attacks. However, no common denominator for the targets has been found and there is nothing in the code that prevents it from being used in wider attacks.
Cloudmensis’s code is relatively simple and it doesn’t exploit any unknown security flaws, only previously known flaws, so an updated Mac is safe as long as you’re not tricked into auto-authorizing the installation and entering your password.
–
