Skip to main content

This dangerous Mac malware can infiltrate your entire system

A newly uncovered malware designed to target Macs has been effective in obtaining access to systems and stealing sensitive data.

The discovery was detailed by internet security company ESET, which named the malware CloudMensis because of its reliance on cloud storage services.

A large monitor displaying a security hacking breach warning.
Stock Depot / Getty Images

As reported by Bleeping Computer and PCMag, the malware can successfully take screenshots of a user’s system without their knowledge, in addition to registering keystrokes, taking files and documents (even from removable storage devices), and listing emailing messages and attachments.

CloudMensis was originally detected by ESET in April 2022. It makes use of pCloud, Yandex Disk, and Dropbox in order to execute command-and-control (C2) communication.

The malware is fairly advanced in the sense that it provides the ability to carry out numerous malicious commands, such as viewing running processes, “running shell commands and uploading the output to cloud storage,” and downloading and opening arbitrary files.

While CloudMensis has now been uncovered, the identity of those behind the malware attack remains unknown.

“We still do not know how CloudMensis is initially distributed and who the targets are,” ESET researcher Marc-Etienne Léveillé said. “The general quality of the code and lack of obfuscation shows the authors may not be very familiar with Mac development and are not so advanced. Nonetheless, a lot of resources were put into making CloudMensis a powerful spying tool and a menace to potential targets.”

ESET’s analysis reveals that the threat actors managed to infiltrate their first Mac target on February 4, 2022. Interestingly, CloudMensis has only been used a handful of times to infect a target. Furthermore, the Objective-C coding abilities from the hackers reveals they’re not well-versed in the MacOS platform, according to Bleeping Computer.

A depiction of a hacker breaking into a system via the use of code.
Getty Images

When ESET examined the cloud storage addresses that CloudMensis was associated with, the corresponding metadata from the cloud drives revealed “there were at most 51 victims” from February 4 until April, 2022.

Once the malware is executed on the Mac system, CloudMensis is then able to completely evade Apple’s MacOS Transparency Consent and Control (TCC) system without being detected. This feature alerts users to a window where they’ll need to grant specific permission for apps that perform screen captures or monitor keyboard events.

By avoiding TCC, CloudMensis can subsequently view the Macs’ screens and associated activity, as well as scan removable storage devices.

In any case, the malware is clearly more on the sophisticated end if it can bypass Mac’s own security measures with such relative ease. And it’s not just Macs that are exposed — PCMag highlights how the malware’s computing code confirms it can also infiltrate Intel-powered systems.

“CloudMensis is a threat to Mac users, but its very limited distribution suggests that it is used as part of a targeted operation,” ESET said. “At the same time, no undisclosed vulnerabilities (zero-days) were found to be used by this group during our research. Thus, running an up-to-date Mac is recommended to avoid, at least, the mitigation bypasses.”

If you own a Mac and want to check for viruses and malware, then be sure to head over to our guide explaining how to do so.

Zak Islam
Former Digital Trends Contributor
Zak Islam was a freelance writer at Digital Trends covering the latest news in the technology world, particularly the…
Here are 5 macOS 15 features that I can’t wait to see
Apple CEO Tim Cook walks off stage after speaking during the Apple Worldwide Developers Conference.

Apple’s Worldwide Developers Conference (WWDC) is less than a month away, meaning it’ won't be long before we find out exactly what sort of updates are coming to macOS 15. It’s always an exciting time for Mac users, as we get to find out what Apple is doing to tune up its operating systems and improve the Mac experience for all of us.

By this stage, we’ve already seen a bunch of intriguing leaks hinting at what’s coming in macOS 15. There are a few things I really want Apple to fix, as well as plenty of cool features heading our way if the rumors prove to be correct.

Read more
Why Samsung’s answer to the MacBook Pro can’t quite compete
The Galaxy Book4 Ultra open on a wooden suruface.

The 16-inch MacBook Pro is the king of the creator laptops, and it's been that way for several years.

But there have been a wave of new Windows laptops attempting to challenge the MacBook Pro on its own terms. The Samsung Galaxy Book4 Ultra is certainly a contender, packing some impressive specs in a portable chassis. When you compare the two straight up, the MacBook Pro 16-inch clearly comes away with the upper hand, even when considering its higher price.
Specs and pricing

Read more