New MacOS Backdoor Communicates Via Public Cloud
Security researchers have found a new macOS backdoor being used in targeted attacks to steal sensitive information from victims.
The threat has been named “CloudMensis” by ESET because it communicates with its operators exclusively through public cloud storage services: it uses pCloud, Yandex Disk and Dropbox both to receive commands and to exfiltrate files, according to the security vendor. Because the traffic goes to the providers' legitimate API endpoints, the backdoor has no dedicated command-and-control server to block, and its connections blend in with ordinary file-sync traffic.
“We still do not know how CloudMensis is initially distributed and who the targets are,” explained ESET researcher Marc-Etienne Léveillé, who analyzed the backdoor.
“The general quality of the code and lack of obfuscation shows the authors may not be very familiar with Mac development and are not so advanced. Nonetheless, a lot of resources were put into making CloudMensis a powerful spying tool and a menace to potential targets.”
The set of targets is said to be fairly limited. Once the attackers have code execution and administrative privileges on a Mac, they run a first-stage downloader, which retrieves a more feature-rich second-stage component from one of the cloud storage services, ESET said.
This larger second-stage component supports 39 commands, including exfiltrating documents, taking screenshots, and stealing email attachments and other sensitive data.
Metadata obtained from the three abused cloud storage services indicates that commands began to be issued to victim machines on February 4, 2022.
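The detection angle follows from the description above: the destination hosts are legitimate cloud APIs, so blocking them is not an option, and the useful signal is which process is talking to them and how much it sends. The following is an added example, not code from the article or from ESET. It runs a simple heuristic over a constructed per-connection log (timestamp, pid, executable path, destination host, bytes sent, tab-separated) of the kind an EDR or a macOS network extension could produce. The API hostnames, the allow-listed client paths, the 5 MiB upload threshold and the sample log lines are all assumptions chosen for illustration; tune them to your own environment.

```python
"""Flag cloud-storage API traffic from unexpected processes (added example).

Heuristic, not a signature: any process other than the provider's own client
that talks to a cloud storage API is reported, and any such process that pushes
more than EXFIL_BYTES_THRESHOLD to one provider is additionally tagged as a
possible bulk upload. Hostnames, client paths and log format are assumptions.
"""

# Public API hostnames of the three providers CloudMensis is reported to use.
# Assumed; confirm against the providers' current documentation.
CLOUD_API_HOSTS = {
    "api.dropboxapi.com": "Dropbox",
    "content.dropboxapi.com": "Dropbox",
    "api.pcloud.com": "pCloud",
    "cloud-api.yandex.net": "Yandex Disk",
}

# Processes that are allowed to talk to each provider. Assumed install paths;
# in production, key this on code-signing identity rather than on path alone,
# since a path can be chosen by the attacker.
EXPECTED_CLIENTS = {
    "Dropbox": {"/Applications/Dropbox.app/Contents/MacOS/Dropbox"},
    "pCloud": {"/Applications/pCloud Drive.app/Contents/MacOS/pCloud Drive"},
    "Yandex Disk": {"/Applications/Yandex.Disk.app/Contents/MacOS/Yandex.Disk"},
}

EXFIL_BYTES_THRESHOLD = 5 * 1024 * 1024  # 5 MiB per (process, provider); tune it

# Constructed sample log. Fields: timestamp, pid, executable path, host, bytes sent.
# pid 7731 is a hypothetical unsigned agent hiding in a user's Library folder.
SAMPLE_LOG = """\
2022-02-04T09:12:01Z\t412\t/Applications/Dropbox.app/Contents/MacOS/Dropbox\tapi.dropboxapi.com\t2048
2022-02-04T09:13:45Z\t7731\t/Users/alice/Library/.cache/agent\tapi.pcloud.com\t512
2022-02-04T09:13:46Z\t7731\t/Users/alice/Library/.cache/agent\tapi.pcloud.com\t6291456
2022-02-04T09:14:02Z\t7731\t/Users/alice/Library/.cache/agent\tcloud-api.yandex.net\t1024
2022-02-04T09:20:00Z\t900\t/Applications/Safari.app/Contents/MacOS/Safari\twww.example.com\t3000
"""


def parse_log(text):
    """Parse the tab-separated connection log into a list of dicts."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, pid, path, host, nbytes = line.split("\t")
        rows.append({"ts": ts, "pid": int(pid), "path": path,
                     "host": host, "bytes": int(nbytes)})
    return rows


def detect(rows):
    """Return one finding per (pid, path, provider) that looks suspicious."""
    per_key = {}
    for r in rows:
        provider = CLOUD_API_HOSTS.get(r["host"])
        if provider is None:
            continue  # not a cloud storage API; out of scope for this heuristic
        key = (r["pid"], r["path"], provider)
        entry = per_key.setdefault(key, {"first": r["ts"], "conns": 0, "bytes": 0})
        entry["conns"] += 1
        entry["bytes"] += r["bytes"]

    findings = []
    for (pid, path, provider), e in per_key.items():
        reasons = []
        if path not in EXPECTED_CLIENTS.get(provider, set()):
            reasons.append("unexpected-client")
        if e["bytes"] >= EXFIL_BYTES_THRESHOLD:
            reasons.append("bulk-upload")
        if reasons:
            findings.append({"first_seen": e["first"], "pid": pid, "path": path,
                             "provider": provider, "connections": e["conns"],
                             "bytes_out": e["bytes"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect(parse_log(SAMPLE_LOG)):
        print(f"{f['first_seen']} pid={f['pid']} {f['path']} -> {f['provider']} "
              f"({f['connections']} conns, {f['bytes_out']} bytes): {', '.join(f['reasons'])}")
```

On the sample, the Dropbox client's own traffic is ignored, Safari is not looked at, and the hypothetical agent produces two findings: one for pCloud (unexpected client plus a bulk upload of just over 6 MiB) and one for Yandex Disk (unexpected client only). The same logic also catches a legitimate client under a process name the attacker has copied, provided the allow-list is keyed on signing identity rather than path, which is the change to make before relying on it.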
Although the threat actors behind this campaign exploit vulnerabilities to circumvent macOS mitigations, ESET did not find any zero-days during its research; the bugs in use were already known and fixed. System administrators were therefore urged to ensure that corporate Macs are running an up-to-date OS, which removes the bypasses the malware depends on.
Just last week, Apple seemed to acknowledge the problem of spyware targeting its users when it announced a new set of features dubbed “Lockdown Mode.”
Designed to harden the devices of at-risk users, the feature reduces the attack surface by limiting specific functionality, such as enrolment in mobile device management, just-in-time JavaScript compilation in the browser, and incoming invitations and service requests from unknown senders.