Macs targeted by novel CloudMensis spyware

Macs are being compromised by the new CloudMensis spyware, which uses public cloud storage services such as Dropbox, Yandex Disk, and pCloud to receive attacker commands and exfiltrate files, The Hacker News reports. ESET researchers found that CloudMensis operators use already-obtained code execution and administrative privileges to deploy a first-stage payload, which then retrieves and executes a second-stage malware hosted on pCloud. The report also notes that the first-stage payload deletes Safari sandbox-escape and privilege-escalation exploits to bypass detection, and that a patched vulnerability, tracked as CVE-2020-9934, was exploited to evade the Transparency, Consent, and Control (TCC) security framework. Researchers also found that the pCloud accounts were created in January, with compromises beginning the following month and peaking in March. "The general quality of the code and lack of obfuscation shows the authors may not be very familiar with Mac development and are not so advanced. Nonetheless, a lot of resources were put into making CloudMensis a powerful spying tool and a menace to potential targets," wrote M.Léveillé.