"New CloudMensis Malware Backdoors Macs to Steal Victims' Data"

In a highly targeted series of attacks, unknown threat actors are using previously undetected malware to backdoor macOS devices and exfiltrate information. ESET researchers discovered the new malware in April 2022 and named it CloudMensis as it uses pCloud, Yandex Disk, and Dropbox public cloud storage services for command-and-control (C2) communication. The capabilities of CloudMensis indicate that its operators' primary goal is to collect sensitive information from infected Macs via various means. These capabilities include taking screenshots, exfiltrating documents, logging keystrokes, as well as listing email messages, attachments, and files stored on removable storage. The malware supports dozens of commands, allowing its operators to carry out a variety of tasks on infected Macs. According to ESET, the first Mac was infected with CloudMensis on February 4, 2022. Since then, the attackers have only used the backdoor sporadically to target and compromise other Macs, indicating the campaign's highly targeted nature. The infection vector is also unknown, and the attackers' Objective-C coding skills show a lack of familiarity with the macOS platform. This article continues to discuss findings regarding the new CloudMensis malware.

Bleeping Computer reports "New CloudMensis Malware Backdoors Macs to Steal Victims' Data"
