People are increasingly aware of the need to protect personal data, and in today’s era of big data that protection is even more urgent. Recently, a research team from the network security company ESET discovered a new type of macOS malware, CloudMensis. The researchers found that once a Mac device is infected, a backdoor is installed on it, infiltrating the local network, recording keystrokes, and viewing documents and screenshots without the user’s knowledge, so that an ordinary user’s important and sensitive data is exposed at a glance. The Trojan can even recover emails, attachments and related files from deleted storage.
In addition, the CloudMensis Trojan uploads the data it obtains to public cloud storage systems such as pCloud, Yandex Disk and Dropbox, which has the advantage of letting the attackers behind it continue to use the data later. ESET found that the stolen material was uploaded and automatically sorted by month and by the name of the victim.
According to the research, the first Mac device attacked by CloudMensis dates back to February 4, 2022, which means this is a new type of Trojan targeting Mac devices. Although the distribution of the Trojan is still relatively limited at this stage, its goals are more specific.
According to the current investigation report, this Trojan does not use zero-day vulnerabilities, but uses previously disclosed vulnerabilities to bypass macOS protections. So Mac users only need to upgrade to the latest version of macOS to defend against intrusion by this Trojan.
Not only that, but if a device is infected with CloudMensis, the Trojan will try to execute code to gain system administrator privileges. Once it succeeds, it moves on to the second stage, where CloudMensis runs about 39 instructions to collect data on the infected device.
The researcher Marc-Etienne Leveille said, “At the moment we don’t know how CloudMensis spread in the early days, and what its main purpose was. However, the code quality and lack of obfuscation indicate that the developer of the Trojan was not familiar with Macs and is not a seasoned Mac developer.”