CloudMensis Spyware

Cybersecurity researchers have uncovered a spyware threat that specifically targets macOS devices. Tracked as CloudMensis, the spyware was written in the Objective-C programming language. It can be used to extract various sensitive information from infected devices and spy on users.

Once executed, CloudMensis targets numerous file types that may contain valuable data, such as documents, audio recordings, emails, pictures, spreadsheets and more. In addition, the spyware can take arbitrary screen captures or assume control over the device's camera and microphone. It can provide the attackers with a list of all running processes, and it allows them to execute shell commands and deliver the results to cloud storage. The threat could also be instructed to fetch and execute additional files, which may include more threatening payloads.

CloudMensis can also establish keylogging routines on the breached device, potentially giving the threat actors a chance to collect the victim's account credentials, banking and payment information, or credit/debit card numbers. However, to reach its full harmful capacity, the threat first needs to obtain code execution and admin privileges. The operators of CloudMensis use public cloud storage services (Dropbox, pCloud, Yandex Disk) as communication channels. Through them, the hackers can send instructions to the threat or receive exfiltrated files.
