While analyzing the samples submitted to the VirusTotal page, our team discovered spyware targeting macOS users called CloudMensis. It was found that CloudMensis is written in the Objective-C programming language. It can exfiltrate documents and email attachments, capture the screen, log keystrokes, and steal other sensitive data.

The files targeted by CloudMensis include audio recordings, documents, email messages, pictures, spreadsheets, and possibly other files. CloudMensis also allows threat actors to log keystrokes (obtain keyboard input). Typically, this feature is used to steal sensitive information (e.g., credit card details, ID card information, login credentials, names, surnames). Also, this spyware can access screen captures, the camera, and the microphone, list running processes, run shell commands and upload the output to cloud storage, and download and execute arbitrary files.

CloudMensis uses public cloud storage services such as Dropbox, pCloud and Yandex Disk as a communication channel (to receive commands from the attackers and exfiltrate files). It starts its malicious activities once its code has been executed and administrative privileges have been gained.

Threat Summary:
Name: CloudMensis
Detection Names: Avast (MacOS:Imis-A), Combo Cleaner (.109834), ESET-NOD32 (OSX/CloudMensis.A), Kaspersky (HEUR:), Full List (VirusTotal)

Spyware is designed to stealthily infiltrate the victim's computer and remain silent, and thus no particular symptoms are clearly visible on an infected machine.
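Because CloudMensis talks to ordinary cloud storage services, its command-and-control and exfiltration traffic is indistinguishable from legitimate Dropbox, pCloud or Yandex Disk use if you only look at destinations. The useful signal on a host is which process produced the traffic and how much it uploaded. The script below is an added example, not code from the article or from any vendor named in it: it parses constructed per-process connection records from a macOS host and flags processes that reach cloud-storage APIs without being a known client for that service. The log format, the API hostnames used as indicators, the expected-client allowlist, the upload threshold and the process name "helper_agent" are all my own assumptions for illustration.

```python
"""
Added example: heuristic review of per-process outbound connections for
cloud-storage API use by unexpected processes (a defender-side check for
the C2/exfiltration channel described in the article).
All indicators, process names and the log format below are assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed API endpoints of the three services the article names as channels.
CLOUD_API_HOSTS = {
    "api.dropboxapi.com": "Dropbox",
    "content.dropboxapi.com": "Dropbox",
    "api.pcloud.com": "pCloud",
    "cloud-api.yandex.net": "Yandex Disk",
}

# Assumed legitimate client processes per service; tune this to your fleet.
EXPECTED_CLIENTS = {
    "Dropbox": {"Dropbox", "Safari", "Google Chrome", "firefox"},
    "pCloud": {"pCloud Drive", "Safari", "Google Chrome", "firefox"},
    "Yandex Disk": {"Yandex.Disk", "Safari", "Google Chrome", "firefox"},
}

# Assumed threshold: more than 5 MiB sent by one unexpected process is "high volume".
UPLOAD_THRESHOLD_BYTES = 5 * 1024 * 1024

# Assumed record format: <timestamp> proc="<name>" pid=<n> dst=<host>:<port> tx=<bytes sent>
LINE_RE = re.compile(
    r'^(?P<ts>\S+)\s+proc="(?P<proc>[^"]+)"\s+pid=(?P<pid>\d+)\s+'
    r'dst=(?P<host>[^:\s]+):(?P<port>\d+)\s+tx=(?P<tx>\d+)$'
)

# Constructed sample records; "helper_agent" is a placeholder process name.
SAMPLE_LOG = """\
2023-07-19T09:12:01Z proc="Dropbox" pid=412 dst=api.dropboxapi.com:443 tx=18231
2023-07-19T09:12:05Z proc="Safari" pid=530 dst=www.example.com:443 tx=902
2023-07-19T09:13:10Z proc="helper_agent" pid=9021 dst=api.dropboxapi.com:443 tx=3145728
2023-07-19T09:13:41Z proc="helper_agent" pid=9021 dst=content.dropboxapi.com:443 tx=4194304
2023-07-19T09:14:00Z proc="curl" pid=7711 dst=api.pcloud.com:443 tx=2048
this line is malformed and is skipped by the parser
"""


@dataclass
class Finding:
    proc: str
    pid: int
    service: str
    bytes_sent: int
    connections: int
    high_volume: bool


def parse_line(line):
    """Return a dict for a well-formed record, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {"ts": d["ts"], "proc": d["proc"], "pid": int(d["pid"]),
            "host": d["host"], "tx": int(d["tx"])}


def find_suspicious_cloud_use(lines):
    """Aggregate cloud-storage API traffic per (process, pid, service) and
    report every combination where the process is not an expected client."""
    per_key = defaultdict(lambda: {"tx": 0, "n": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        service = CLOUD_API_HOSTS.get(rec["host"])
        if service is None:
            continue                      # not a cloud-storage endpoint we track
        if rec["proc"] in EXPECTED_CLIENTS[service]:
            continue                      # known client for this service
        agg = per_key[(rec["proc"], rec["pid"], service)]
        agg["tx"] += rec["tx"]
        agg["n"] += 1
    return [
        Finding(proc, pid, service, agg["tx"], agg["n"],
                agg["tx"] > UPLOAD_THRESHOLD_BYTES)
        for (proc, pid, service), agg in sorted(per_key.items())
    ]


if __name__ == "__main__":
    for f in find_suspicious_cloud_use(SAMPLE_LOG.splitlines()):
        flag = "HIGH VOLUME" if f.high_volume else "review"
        print(f"{flag}: {f.proc} (pid {f.pid}) sent {f.bytes_sent} bytes to "
              f"{f.service} over {f.connections} connection(s)")
```

The allowlist is the weak point of any such check: an implant that injects into or impersonates the real client will pass it, so treat a hit as a lead for process-ancestry and code-signature review rather than as proof, and pair the heuristic with the vendor detections listed in the threat summary.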