![]() ![]() We still do not know how victims are initially compromised by this threat. ![]() Samples we analyzed are compiled for both Intel and Apple silicon architectures. CloudMensis overviewĬloudMensis is malware for macOS developed in Objective-C. This blogpost describes the different components of CloudMensis and their inner workings. Disabling entry points, at the expense of a less fluid user experience, sounds like a reasonable way to reduce the attack surface. Although not the most advanced malware, CloudMensis may be one of the reasons some users would want to enable this additional defense. ![]() Its capabilities clearly show that the intent of its operators is to gather information from the victims’ Macs by exfiltrating documents, keystrokes, and screen captures.Īpple has recently acknowledged the presence of spyware targeting users of its products and is previewing Lockdown Mode on iOS, iPadOS and macOS, which disables features frequently exploited to gain code execution and deploy malware. Following analysis, we named it CloudMensis. In April 2022, ESET researchers discovered a previously unknown macOS backdoor that spies on users of the compromised Mac and exclusively uses public cloud storage services to communicate back and forth with its operators. Previously unknown macOS malware uses cloud storage as its C&C channel and to exfiltrate documents, keystrokes, and screen captures from compromised Macs
0 Comments
Leave a Reply. |