Skip to main content

This dangerous Mac malware can infiltrate your entire system

A newly uncovered malware designed to target Macs has been effective in obtaining access to systems and stealing sensitive data.

The discovery was detailed by internet security company ESET, which named the malware CloudMensis because of its reliance on cloud storage services.

A large monitor displaying a security hacking breach warning.
Stock Depot / Getty Images

As reported by Bleeping Computer and PCMag, the malware can successfully take screenshots of a user’s system without their knowledge, in addition to registering keystrokes, taking files and documents (even from removable storage devices), and listing emailing messages and attachments.

CloudMensis was originally detected by ESET in April 2022. It makes use of pCloud, Yandex Disk, and Dropbox in order to execute command-and-control (C2) communication.

The malware is fairly advanced in the sense that it provides the ability to carry out numerous malicious commands, such as viewing running processes, “running shell commands and uploading the output to cloud storage,” and downloading and opening arbitrary files.

While CloudMensis has now been uncovered, the identity of those behind the malware attack remains unknown.

“We still do not know how CloudMensis is initially distributed and who the targets are,” ESET researcher Marc-Etienne Léveillé said. “The general quality of the code and lack of obfuscation shows the authors may not be very familiar with Mac development and are not so advanced. Nonetheless, a lot of resources were put into making CloudMensis a powerful spying tool and a menace to potential targets.”

ESET’s analysis reveals that the threat actors managed to infiltrate their first Mac target on February 4, 2022. Interestingly, CloudMensis has only been used a handful of times to infect a target. Furthermore, the Objective-C coding abilities from the hackers reveals they’re not well-versed in the MacOS platform, according to Bleeping Computer.

A depiction of a hacker breaking into a system via the use of code.
Getty Images

When ESET examined the cloud storage addresses that CloudMensis was associated with, the corresponding metadata from the cloud drives revealed “there were at most 51 victims” from February 4 until April, 2022.

Once the malware is executed on the Mac system, CloudMensis is then able to completely evade Apple’s MacOS Transparency Consent and Control (TCC) system without being detected. This feature alerts users to a window where they’ll need to grant specific permission for apps that perform screen captures or monitor keyboard events.

By avoiding TCC, CloudMensis can subsequently view the Macs’ screens and associated activity, as well as scan removable storage devices.

In any case, the malware is clearly more on the sophisticated end if it can bypass Mac’s own security measures with such relative ease. And it’s not just Macs that are exposed — PCMag highlights how the malware’s computing code confirms it can also infiltrate Intel-powered systems.

“CloudMensis is a threat to Mac users, but its very limited distribution suggests that it is used as part of a targeted operation,” ESET said. “At the same time, no undisclosed vulnerabilities (zero-days) were found to be used by this group during our research. Thus, running an up-to-date Mac is recommended to avoid, at least, the mitigation bypasses.”

If you own a Mac and want to check for viruses and malware, then be sure to head over to our guide explaining how to do so.

Editors' Recommendations

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
iPad Pro M4 vs. MacBook Air M3: a harder choice than ever
iPad Pro with Magic Keyboard.

The line between the iPad Pro and the MacBook Air has always been slim. Despite being very different devices, they're the two 13-inch devices in Apple's lineup -- and with the updated M4 iPad Pro, they are more competitive with each other than ever.

There's a lot we still don't know about the M4 iPad Pro, but here's a preliminary look at how the two devices stack up against each other.

Read more
MacBook Pro OLED: Here’s everything we know so far
Halo running on a MacBook Pro.

While many of Apple’s laptop rivals have embraced OLED screens, Apple has stuck firmly with mini-LED in its MacBook Pro -- and the results have been spectacular. As we said when we reviewed the M3 Max MacBook Pro, it has the best display out of any laptop, bar none.

Yet, there whispers that Apple is working on something even better: its own brand of OLED display that could take the MacBook Pro to the next level. It’s still early days, and there are all sorts of different rumors flying about, but it seems that something big is definitely in the works.

Read more
Here’s everything we know about the M4 MacBook Pro so far
An open MacBook Pro on a table.

With the launch of the M4 iPad Pro, you might be wondering what’s in the cards for the MacBook Pro. Is it following hot on the heels of Apple’s flagship iPad, or will we have a significant wait before Apple’s laptop gets an upgrade?

We’ve scoured the rumor mill to find the answer, as well as worked out what sort of performance, features and designs we can expect. If you’re interested in learning more about the upcoming M4 MacBook Pro, you’re in the right place.
Price and release date

Read more