Macs are being compromised by the new CloudMensis spyware, which uses public cloud storage services such as Dropbox, Yandex Disk and pCloud to receive commands from its operators and to exfiltrate stolen files, The Hacker News reports.
CloudMensis was identified by ESET researchers, who found that the attackers, having already gained code execution and administrative privileges on the target, deploy an initial payload whose only job is to retrieve and execute a second-stage malware hosted on pCloud. The report also showed that the first-stage payload deletes the Safari sandbox escape and privilege escalation exploits used in the initial compromise, apparently to hinder detection, and that the spyware exploits an already patched vulnerability, tracked as CVE-2020-9934, to bypass the Transparency, Consent, and Control (TCC) privacy framework that gates access to the microphone, camera, screen and user documents. Researchers also found that the pCloud accounts used by the campaign were created in January, with compromises beginning the following month and peaking in March.
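A practitioner reading the CVE-2020-9934 detail will want a way to hunt for that bypass on unpatched hosts. The following is an added example written for this page, not code from ESET or from the CloudMensis report. It rests on one assumption, stated here and in the code: that before macOS 10.15.6, tccd located the per-user TCC database (`~/Library/Application Support/com.apple.TCC/TCC.db`) through the `HOME` environment variable, so a process started with `HOME` pointing at a directory it controls could hand tccd a database of its own making. The process records are constructed sample data, not output from a real system, and the helper names (`Proc`, `hunt`, `tccd_is_vulnerable`) are this example's own.

```python
"""Hunt for the HOME-redirection pattern behind CVE-2020-9934 (TCC bypass).

Added example, not part of the original article or of ESET's report.
Assumption: on macOS releases before 10.15.6, tccd resolved the per-user
TCC.db relative to the HOME environment variable rather than the account's
real home directory. A process whose HOME lies outside the owning user's
real home is therefore worth a second look on an unpatched machine.
All process records below are constructed for illustration.
"""
from dataclasses import dataclass
import os

TCC_DB_RELATIVE = "Library/Application Support/com.apple.TCC/TCC.db"
FIXED_IN = (10, 15, 6)  # first macOS release with the fix (assumption stated above)


@dataclass(frozen=True)
class Proc:
    pid: int
    user: str      # account the process runs as
    command: str   # executable path
    home: str      # value of HOME in the process environment


def expected_homes(user: str) -> frozenset:
    """Home directories that are legitimate for this account (normalised)."""
    if user == "root":
        return frozenset({"/var/root", "/private/var/root"})
    return frozenset({f"/Users/{user}"})


def tcc_db_consulted(home: str) -> str:
    """Path a vulnerable tccd would consult for this HOME value."""
    return os.path.join(os.path.normpath(home), TCC_DB_RELATIVE)


def is_suspicious(proc: Proc) -> bool:
    """True when HOME has been redirected away from the account's real home."""
    return os.path.normpath(proc.home) not in expected_homes(proc.user)


def hunt(procs) -> list:
    """Return the PIDs of processes showing the HOME-redirection pattern."""
    return [p.pid for p in procs if is_suspicious(p)]


def parse_version(version: str) -> tuple:
    return tuple(int(part) for part in version.split("."))


def tccd_is_vulnerable(macos_version: str) -> bool:
    """Whether the assumed HOME-based lookup is still present on this release."""
    return parse_version(macos_version) < FIXED_IN


# Constructed sample inventory: what an EDR or a `ps eww` sweep might yield.
SAMPLE = [
    Proc(1, "root", "/sbin/launchd", "/var/root"),
    Proc(501, "alice", "/Applications/Safari.app/Contents/MacOS/Safari", "/Users/alice"),
    # HOME points at a hidden directory the process itself could have populated.
    Proc(733, "alice", "/Users/Shared/.cache/agent", "/Users/Shared/.cache/home"),
    # HOME points at another account's home: tccd would read alice's grants for bob's process.
    Proc(900, "bob", "/usr/bin/python3", "/Users/alice"),
]

if __name__ == "__main__":
    for pid in hunt(SAMPLE):
        proc = next(p for p in SAMPLE if p.pid == pid)
        print(f"pid {pid} ({proc.command}) as {proc.user}: HOME={proc.home!r}, "
              f"tccd would read {tcc_db_consulted(proc.home)}")
    for ver in ("10.15.5", "10.15.6", "12.4"):
        print(ver, "vulnerable" if tccd_is_vulnerable(ver) else "fixed")
```

The version check is the caveat that matters in practice: on 10.15.6 and later this particular trick no longer works, so a hit from `hunt` on a patched host is an oddity to explain rather than a confirmed TCC bypass, while on an unpatched host it is exactly the pattern the CVE describes.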
"The general quality of the code and lack of obfuscation shows the authors may not be very familiar with Mac development and are not so advanced. Nonetheless, a lot of resources were put into making CloudMensis a powerful spying tool and a menace to potential targets," wrote ESET researcher Marc-Etienne M.Léveillé.
Endpoint/Device Security, Cloud Security, Malware, Threat Management
Macs targeted by novel CloudMensis spyware