"Still, the company did uncover some interesting computer code in the malware, which shows it was designed to abuse four vulnerabilities in macOS previously patched in 2017. This suggests CloudMensis “may have been around for many years,” ESET said."

Malware targeting people who haven't updated their OS since 2016.
 
"Cloud"

Good thing I am a luddite then, with bunch of external drives and USBs instead of relying on someone other to take care of my data.
 
It’s not about what you do
“ESET has named the malware CloudMensis because it uses cloud storage services to communicate with the operators and uses the names of months as directory names.
This macOS malware uses cloud storage as its Command and Control channel, supporting three different providers: pCloud, Yandex Disk, and Dropbox.”
https://www.eset.com/int/about/news...udmensis-spies-on-them-in-targeted-operation/

In related news “Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive” https://unit42.paloaltonetworks.com/cloaked-ursa-online-storage-services-campaigns/
 
Malware targeting people who haven't updated their OS since 2016.
And anyone on old Catalina.


If SIP is enabled but the Mac is running any version of macOS Catalina earlier than 10.15.6, CloudMensis will exploit a vulnerability to make the TCC daemon (tccd) load a database CloudMensis can write to. This vulnerability is known as CVE-2020-9934 and was reported and described by Matt Shockley in 2020.

Ultimately, bold part:

CloudMensis is a threat to Mac users, but its very limited distribution suggests that it is used as part of a targeted operation. From what we have seen, operators of this malware family deploy CloudMensis to specific targets that are of interest to them. Usage of vulnerabilities to work around macOS mitigations shows that the malware operators are actively trying to maximize the success of their spying operations. At the same time, no undisclosed vulnerabilities (zero-days) were found to be used by this group during our research. Thus, running an up-to-date Mac is recommended to avoid, at least, the mitigation bypasses.
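The quoted ESET text pins the TCC bypass to one exposure window: SIP enabled and Catalina earlier than 10.15.6. The script below is an added example written for this thread, not code from ESET, MacRumors or the malware analysis; it turns that condition into a fleet-check a Mac admin can run (or feed `sw_vers`/`csrutil` output into). The function names `cloudmensis_tcc_window`, `detect_version` and `detect_sip` and the fallback sample values are constructed for the example; the version threshold and the SIP condition come from the ESET passage above.

```shell
#!/bin/sh
# Added example (not from the thread or from ESET): report whether a Mac sits
# inside the window ESET describes for the CVE-2020-9934 TCC bypass used by
# CloudMensis: SIP enabled AND macOS Catalina (10.15.x) earlier than 10.15.6.

# cloudmensis_tcc_window VERSION SIP_STATE
#   VERSION    product version string, e.g. "10.15.5" (as `sw_vers -productVersion` prints)
#   SIP_STATE  "enabled" or "disabled" (as parsed from `csrutil status`)
# Exit status 0 = host is inside the described exposure window, 1 = it is not.
cloudmensis_tcc_window() {
    ver="$1"
    sip="$2"
    # Reject anything that is not a dotted numeric version.
    case "$ver" in
        ''|*[!0-9.]*) return 1 ;;
    esac
    major=$(printf '%s' "$ver" | cut -d. -f1)
    minor=$(printf '%s' "$ver" | cut -d. -f2)
    patch=$(printf '%s' "$ver" | cut -d. -f3)
    minor=${minor:-0}
    patch=${patch:-0}
    # Only Catalina (10.15.x) is in scope for this particular CVE check;
    # other releases are reported as "not in window", which says nothing
    # about the other, 2017-era vulnerabilities mentioned in the thread.
    [ "$major" -eq 10 ] && [ "$minor" -eq 15 ] || return 1
    # 10.15.6 carries the fix, so only earlier point releases qualify.
    [ "$patch" -lt 6 ] || return 1
    # ESET describes the bypass as applying when SIP is enabled.
    [ "$sip" = "enabled" ] || return 1
    return 0
}

# Live values on a Mac; elsewhere the example falls back to constructed
# sample values so it can be exercised on any POSIX shell.
detect_version() {
    if command -v sw_vers >/dev/null 2>&1; then
        sw_vers -productVersion
    else
        echo "10.15.5"    # constructed sample value (not a real host)
    fi
}

detect_sip() {
    if command -v csrutil >/dev/null 2>&1; then
        # First line reads "System Integrity Protection status: enabled." (or "disabled.")
        csrutil status | head -n 1 | awk '{print tolower($NF)}' | tr -d '.'
    else
        echo "enabled"    # constructed sample value (not a real host)
    fi
}

main() {
    v=$(detect_version)
    s=$(detect_sip)
    if cloudmensis_tcc_window "$v" "$s"; then
        echo "macOS $v, SIP $s: inside the CVE-2020-9934 window described by ESET; update to 10.15.6 or later"
        return 2
    else
        echo "macOS $v, SIP $s: not in the CVE-2020-9934 window (other older flaws are not covered by this check)"
        return 0
    fi
}

main "$@"
```

Run it under an MDM or SSH loop and collect the non-zero exits; the constructed fallback values make the script print a "vulnerable" line on non-Mac hosts, which is intentional for trying it out and should be removed before fleet use.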
 