This dangerous Mac malware can infiltrate your entire system

A newly uncovered malware designed to target Macs has been effective in obtaining access to systems and stealing sensitive data.

The discovery was detailed by internet security company ESET, which named the malware CloudMensis because of its reliance on cloud storage services.

As reported by Bleeping Computer and PCMag, the malware can successfully take screenshots of a user’s system without their knowledge, in addition to registering keystrokes, taking files and documents (even from removable storage devices), and listing email messages and attachments.

CloudMensis was originally detected by ESET in April 2022. It makes use of pCloud, Yandex Disk, and Dropbox in order to execute command-and-control (C2) communication.

The malware is fairly advanced in the sense that it provides the ability to carry out numerous malicious commands, such as viewing running processes, “running shell commands and uploading the output to cloud storage,” and downloading and opening arbitrary files.

While CloudMensis has now been uncovered, the identity of those behind the malware attack remains unknown.

“We still do not know how CloudMensis is initially distributed and who the targets are,” ESET researcher Marc-Etienne Léveillé said. “The general quality of the code and lack of obfuscation shows the authors may not be very familiar with Mac development and are not so advanced. Nonetheless, a lot of resources were put into making CloudMensis a powerful spying tool and a menace to potential targets.”

ESET’s analysis reveals that the threat actors managed to infiltrate their first Mac target on February 4, 2022. Interestingly, CloudMensis has only been used a handful of times to infect a target. Furthermore, the hackers’ Objective-C coding abilities reveal they’re not well-versed in the macOS platform, according to Bleeping Computer.

When ESET examined the cloud storage addresses that CloudMensis was associated with, the corresponding metadata from the cloud drives revealed “there were at most 51 victims” from February 4 until April 2022.

Once the malware is executed on the Mac system, CloudMensis is able to completely evade Apple’s macOS Transparency, Consent, and Control (TCC) system without being detected. This feature displays a prompt asking users to grant specific permission to apps that perform screen captures or monitor keyboard events.

By avoiding TCC, CloudMensis can subsequently view the Macs’ screens and associated activity, as well as scan removable storage devices.

In any case, the malware is clearly more on the sophisticated end if it can bypass Mac’s own security measures with such relative ease. And it’s not just Macs that are exposed — PCMag highlights how the malware’s computing code confirms it can also infiltrate Intel-powered systems.

“CloudMensis is a threat to Mac users, but its very limited distribution suggests that it is used as part of a targeted operation,” ESET said. “At the same time, no undisclosed vulnerabilities (zero-days) were found to be used by this group during our research. Thus, running an up-to-date Mac is recommended to avoid, at least, the mitigation bypasses.”

If you own a Mac and want to check for viruses and malware, then be sure to head over to our guide explaining how to do so.

Zak Islam
Computing Writer
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…