CloudMensis: a cloud-controlled backdoor that steals data from computers running macOS

ESET security researchers have discovered previously unknown malware, CloudMensis, designed to attack computers running macOS. Its main distinguishing feature is that it uses pCloud, Dropbox and Yandex.Disk as command-and-control servers.

According to available data, CloudMensis is written in Objective-C. The researchers determined that in the initial phase the attackers need to obtain elevated privileges on the targeted system, using known vulnerabilities. A downloader is then installed on the compromised system, which fetches the malware's components from cloud storage.

Once CloudMensis is installed, its operators can perform various actions on the victim's device, including collecting confidential information, capturing keystrokes, and installing additional malware. All collected data is encrypted with a public key, found embedded in the malware sample, before being uploaded to the cloud storage. Decrypting it requires a private key held by the CloudMensis operators.

Aside from the fact that spyware for macOS is rare, the most notable feature is that its authors use cloud storage as control servers, an approach that allowed them to remove domain names and IP addresses from the CloudMensis code entirely, making it harder to track and block the malware's activity at the network level. Similar tactics have previously been used by other hacker groups, including Inception.