- ESET researchers discovered a previously unknown macOS backdoor that spies on users of compromised Macs.
- ESET has named the malware CloudMensis because it uses cloud storage services to communicate with the operators and uses the names of months as directory names.
- This macOS malware uses cloud storage as its Command and Control channel, supporting three different providers: pCloud, Yandex Disk, and Dropbox.
- CloudMensis can issue 39 commands, including exfiltrating documents, keystrokes, and screen captures, from compromised Macs.
- Metadata from the cloud storage services used reveals that the first Mac in this recent campaign was compromised on February 4, 2022.
- The very limited distribution of CloudMensis suggests that it is used as part of a targeted operation.
- More on: https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-discovers-new-threat-to-mac-users-cloudmensis-spies-on-them-in-targeted-operation/