Although many people think that macOS is an insurmountable operating system for cybercriminals, the reality is very different. There is plenty of malware, Trojans and computer viruses in general aimed at these devices, although they may be less common because of the platform's lower market share. Now a new piece of malware joins this list, named CloudMensis.

The discovery was made by ESET researchers, who detected the malware in April of this year and named it after its reliance on cloud storage services such as Dropbox.


A malware that is still unknown to researchers

The malware aims to embed itself fully into Macs in order to extract as much information as possible. The researchers have even been able to compile a list of all the commands it supports, so it is known exactly what this malware can do. Among these, the following stand out.

Start screenshot.

Capture all keystrokes.

Access internal files and also external storage drives.

Download and run files.

Run shell commands.

Check the list of active processes.

Change settings for cloud storage services.

Keep in mind that this malware first infected a Mac on February 4, 2022. Since then it has been identified as a malicious program that uses a backdoor to compromise other Macs. This makes it possible to categorize it as a fully targeted attack, although the final objective is not specifically known.

There are currently many open questions about this malware. One of them is the transmission vector, that is, how a computer becomes infected with it in the first place. What is known is that the developers do not have much macOS expertise, since the code quality is fairly low.

What is really interesting is that this malware is able to evade the security systems Apple has implemented in macOS. One of them is the privacy settings: although an application should normally have to be granted permission to take screenshots or monitor the keyboard, this malware bypasses those permissions. Work must now be done to completely block applications that access sensitive user information without authorization.

Via | BleepingComputer