New macOS Backdoor Communicates Via Public Cloud
Security researchers have found a new macOS backdoor being used in targeted attacks to steal sensitive information from victims.
The threat has been named “CloudMensis” by ESET because it exclusively uses public cloud storage services to communicate with its operators. Specifically, it leverages pCloud, Yandex Disk and Dropbox to receive commands and exfiltrate files, according to the security vendor.
“We still do not know how CloudMensis is initially distributed and who the targets are,” explained ESET researcher Marc-Etienne Léveillé, who analyzed the backdoor.
“The general quality of the code and lack of obfuscation shows the authors may not be very familiar with Mac development and are not so advanced. Nonetheless, a lot of resources were put into making CloudMensis a powerful spying tool and a menace to potential targets.”
These targets are said to be fairly limited. Once the backdoor gains code execution and administrative privileges, it runs first-stage malware which in turn retrieves a more feature-rich second stage from a cloud storage service, ESET said.
This larger second-stage component can issue 39 commands, including document exfiltration, screenshot capture, and the lifting of email attachments and other sensitive data.
Metadata obtained from the three impacted cloud storage services indicates that commands began to be issued to victim machines on February 4, 2022.
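The cloud-storage command channel described above is the one network behaviour a defender can look for without knowing the binary: an unexpected process on a Mac talking to the storage providers' APIs, ideally to more than one of them, as root, and pushing a lot of data out. The script below is an added illustration of that detection logic, not ESET's tooling or anything from the CloudMensis report. The log format, the process names treated as legitimate clients (`Dropbox`, `pCloud Drive`, `Yandex.Disk`), the API hostnames and the sample log lines are all constructed assumptions; in practice the hostname list and allowed client names would come from your own proxy or endpoint telemetry and fleet inventory.

```python
"""Flag processes that talk to cloud-storage APIs but are not the vendor's own client.

Added example for the CloudMensis write-up. Hostnames, process names, the log
format and the sample lines are constructed assumptions, not data from the report.
"""
import re
from collections import defaultdict

# ASSUMPTION: API hosts for the three providers named in the report.
CLOUD_STORAGE_HOSTS = {
    "api.dropboxapi.com": "Dropbox",
    "content.dropboxapi.com": "Dropbox",
    "api.pcloud.com": "pCloud",
    "cloud-api.yandex.net": "Yandex Disk",
}

# ASSUMPTION: process names of the official desktop clients; tune per fleet.
EXPECTED_CLIENTS = {
    "Dropbox": {"Dropbox"},
    "pCloud": {"pCloud Drive"},
    "Yandex Disk": {"Yandex.Disk"},
}

# Constructed per-connection log format (e.g. from a host firewall or EDR export).
LOG_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) proc="(?P<proc>[^"]+)" '
    r"pid=(?P<pid>\d+) uid=(?P<uid>\d+) bytes_out=(?P<bytes_out>\d+)$"
)

# Constructed sample: one benign Dropbox client, one benign pCloud client,
# one unrelated Safari request, and a placeholder root process hitting all three APIs.
SAMPLE_LOG = """\
2022-02-04T09:12:01Z host=api.dropboxapi.com proc="Dropbox" pid=412 uid=501 bytes_out=2048
2022-02-04T09:12:05Z host=www.apple.com proc="Safari" pid=600 uid=501 bytes_out=512
2022-02-04T09:13:10Z host=api.pcloud.com proc="unknown_helper" pid=733 uid=0 bytes_out=96
2022-02-04T09:13:12Z host=cloud-api.yandex.net proc="unknown_helper" pid=733 uid=0 bytes_out=120
2022-02-04T09:14:40Z host=content.dropboxapi.com proc="unknown_helper" pid=733 uid=0 bytes_out=4194304
2022-02-04T09:15:00Z host=api.pcloud.com proc="pCloud Drive" pid=450 uid=501 bytes_out=1024
"""

LARGE_UPLOAD_BYTES = 1_000_000  # ASSUMPTION: threshold for "large" outbound volume


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for field in ("pid", "uid", "bytes_out"):
        rec[field] = int(rec[field])
    return rec


def find_suspicious(log_text):
    """Aggregate cloud-storage API traffic per (process, pid) and score it.

    A process is reported if it reaches a known storage API and is not that
    provider's expected client. Extra reasons are attached when it spans
    several providers, runs as root, or uploads a large volume.
    """
    by_proc = defaultdict(lambda: {"services": set(), "bytes_out": 0, "uid": None})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        service = CLOUD_STORAGE_HOSTS.get(rec["host"])
        if service is None or rec["proc"] in EXPECTED_CLIENTS.get(service, set()):
            continue
        entry = by_proc[(rec["proc"], rec["pid"])]
        entry["services"].add(service)
        entry["bytes_out"] += rec["bytes_out"]
        entry["uid"] = rec["uid"]

    findings = []
    for (proc, pid), e in sorted(by_proc.items()):
        reasons = ["unexpected process for cloud-storage API"]
        if len(e["services"]) >= 2:
            reasons.append("contacts multiple providers")
        if e["uid"] == 0:
            reasons.append("running as root")
        if e["bytes_out"] >= LARGE_UPLOAD_BYTES:
            reasons.append("large upload volume")
        findings.append({
            "proc": proc,
            "pid": pid,
            "services": sorted(e["services"]),
            "bytes_out": e["bytes_out"],
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG):
        print(f"{f['proc']} (pid {f['pid']}): {', '.join(f['services'])}; "
              f"{f['bytes_out']} bytes out; {'; '.join(f['reasons'])}")
```

Run against the constructed sample, the two official clients and the Safari request drop out and only the root process that touches all three providers and uploads about 4 MB is reported. The multi-provider signal is the useful one here: legitimate software rarely has a reason to hold sessions with pCloud, Yandex Disk and Dropbox at once, whereas the backdoor described in the report uses exactly that mix.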
Although the threat actors behind this campaign are exploiting vulnerabilities to circumvent macOS mitigations, ESET didn’t find any zero-days during its research. System administrators were therefore urged to ensure any corporate Macs are running an up-to-date OS to help mitigate the threat.
Just last week, Apple seemed to acknowledge the problem of spyware targeting its users when it announced a new set of features dubbed “Lockdown Mode.”
Designed to harden the devices and machines of at-risk users, the features will reduce the attack surface by limiting specific functionality such as mobile device management, just-in-time JavaScript compilation and incoming invitations and service requests.