
This dangerous Mac malware can infiltrate your entire system

A newly uncovered malware designed to target Macs has been effective in obtaining access to systems and stealing sensitive data.

The discovery was detailed by internet security company ESET, which named the malware CloudMensis because of its reliance on cloud storage services.


As reported by Bleeping Computer and PCMag, the malware can successfully take screenshots of a user’s system without their knowledge, in addition to registering keystrokes, taking files and documents (even from removable storage devices), and listing email messages and attachments.


CloudMensis was originally detected by ESET in April 2022. It makes use of pCloud, Yandex Disk, and Dropbox in order to execute command-and-control (C2) communication.

The malware is fairly advanced in the sense that it provides the ability to carry out numerous malicious commands, such as viewing running processes, “running shell commands and uploading the output to cloud storage,” and downloading and opening arbitrary files.

While CloudMensis has now been uncovered, the identity of those behind the malware attack remains unknown.

“We still do not know how CloudMensis is initially distributed and who the targets are,” ESET researcher Marc-Etienne Léveillé said. “The general quality of the code and lack of obfuscation shows the authors may not be very familiar with Mac development and are not so advanced. Nonetheless, a lot of resources were put into making CloudMensis a powerful spying tool and a menace to potential targets.”

ESET’s analysis reveals that the threat actors managed to infiltrate their first Mac target on February 4, 2022. Interestingly, CloudMensis has only been used a handful of times to infect a target. Furthermore, the hackers’ Objective-C coding abilities reveal they’re not well-versed in the macOS platform, according to Bleeping Computer.


When ESET examined the cloud storage addresses that CloudMensis was associated with, the corresponding metadata from the cloud drives revealed “there were at most 51 victims” from February 4 until April 2022.

Once the malware is executed on the Mac system, CloudMensis is able to completely evade Apple’s macOS Transparency, Consent, and Control (TCC) system without being detected. This feature presents users with a window in which they need to grant specific permission to apps that perform screen captures or monitor keyboard events.

By avoiding TCC, CloudMensis can subsequently view the Macs’ screens and associated activity, as well as scan removable storage devices.

In any case, the malware is clearly more on the sophisticated end if it can bypass Mac’s own security measures with such relative ease. And it’s not just Macs that are exposed — PCMag highlights how the malware’s computing code confirms it can also infiltrate Intel-powered systems.

“CloudMensis is a threat to Mac users, but its very limited distribution suggests that it is used as part of a targeted operation,” ESET said. “At the same time, no undisclosed vulnerabilities (zero-days) were found to be used by this group during our research. Thus, running an up-to-date Mac is recommended to avoid, at least, the mitigation bypasses.”

If you own a Mac and want to check for viruses and malware, then be sure to head over to our guide explaining how to do so.
