Researchers at the ESET security firm have discovered a new kind of malware known as CloudMensis. This exploits macOS systems in order to spy on users and steal their private data, including documents, email attachments, and keystrokes. The malware can also be used to capture screenshots on a victim's device.

CloudMensis Backdoors macOS Devices to Steal Data

CloudMensis malware has been found to exploit publically available cloud storage providers like DropBox, pCloud, and Yandex Disk in order to infiltrate a given macOS system and steal user data. In a post about CloudMensis, ESET described it as a "previously unknown macOS backdoor".

Because CloudMensis can bypass Apple’s macOS Transparency Consent and Control (TCC), it has the ability to view a user's activity on their macOS device in real-time and extract data from cloud storage programs. CloudMensis' long list of surveillance commands also allows it to perform a range of actions on a given victim's device without their authorization or knowledge.

This ability to bypass Apple's macOS TCC suggests that CloudMensis is by no means a basic type of malware. Rather, its level of sophistication is quite concerning.

CloudMensis May Be Targeting High-Value Devices

While CloudMensis was officially discovered in April 2022, the first recorded attack stretches back to two months prior, on February 4th. Between then and April, only 51 users have fallen victim to this malware.

hooded figure behind blue lock symbol

Though it may sound relieving that such a small number of victims have been affected so far by CloudMensis malware, this suggests that the operators are targeting specific users to attack. So, instead of spreading the malware to any computer that will accept it, these attackers are most likely going for individuals that may have something valuable to steal.

CloudMensis Operators Seem Unfamiliar With macOS

Though CloudMensis is evidently one of the more sophisticated strains of malware, it seems that its operators are not well-versed in macOS systems. We know this as their experience with Objective-C coding (a language used for OS X- and iOS-supported devices) appears to be fairly basic. But this does not mean CloudMensis is not still a risk to macOS users.

CloudMensis Continues to Be a Threat

Though ESET has reported that no zero-day exploits using CloudMensis have been recorded at the time of writing, this malware still poses a serious threat to macOS users.

ESET is still working to determine how this malware is initially spread and why certain users are being targeted, which means that more attacks could occur in the future. Users have been advised to keep their macOS software updated to maximize their devices' security levels.