Cybersecurity News in Asia

Features
- Featured
  
  What businesses need to know about SEO poisoning
  
  Tuesday, April 16, 2024, 4:55 PM Asia/Singapore | Features
- Featured
  
  Immutable data critical to AI projects and cyber resilience
  
  Thursday, April 11, 2024, 11:46 AM Asia/Singapore | Data Protection, Features
- Featured
  
  Preparing for the benefits and risks of quantum computing: Leap or Lag?
  
  Monday, March 18, 2024, 2:55 PM Asia/Singapore | Features
News
- Featured
  
  More RATs discovered in official Android app store
  
  Friday, April 19, 2024, 5:20 PM Asia/Singapore | News, Newsletter
- Featured
  
  When GenAI chatbots start pretending to be stupid to gain human trust…
  
  Friday, April 19, 2024, 10:06 AM Asia/Singapore | News, Newsletter
- Featured
  
  Real estate logistics provider GLP steps up to zero trust architecture
  
  Friday, April 19, 2024, 10:01 AM Asia/Singapore | Case Study, News
Opinions
Tips
Whitepapers
Awards 2023
Directory
E-Learning

News

New macOS backdoor discovered

By CybersecAsia editors and webmaster webmaster | Friday, July 22, 2022, 10:28 AM Asia/Singapore

Despite its limited distribution, the backdoor could be part of larger-scale threat campaigns

Cyber researchers have discovered a previously unknown macOS backdoor that allows hackers to monitor keystrokes, exfiltrate documents, capture screen activity and spy on emails and attachments in the compromised machines.

The backdoor uses public cloud storage services (pCloud, Yandex Disk, and Dropbox) exclusively for communications with its operators, and its “very limited distribution” suggests its role as part of a targeted operation.

Operators of this malware family deploy it to specific targets that are of interest to them. The use of vulnerabilities to work around macOS mitigations shows that the malware operators are actively trying to maximize the success of their spying operations. At the same time, no undisclosed zero day vulnerabilities were found to be used by this group.

ESET researchers, who disclosed the discovery, still do not know how the backdoor, dubbed CloudMensis, is initially distributed, or who the targets are. One researcher who analyzed the CloudMensis code, Mark-Etienne M. Léveillé, said: “The general quality of the code and lack of obfuscation indicate that the authors may not be very familiar with Mac development and are not so advanced. Nevertheless, a lot of resources were put into making CloudMensis a powerful spying tool and a menace to potential targets.”

Once the backdoor gains code execution and administrative privileges, it runs a first-stage malware that retrieves a more feature-rich second stage from the cloud. This second stage is a much larger component, packed with a number of features to collect information from the compromised machine. Altogether, 39 commands and functions were detected in the code.

Apple has recently acknowledged the presence of spyware targeting users of its products and is previewing Lockdown Mode on iOS, iPadOS, and macOS, which disables features frequently exploited to gain code execution and deploy malware.

Therefore, Mac users should update their machines with the feature to avoid CloudMensis infection.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Secure Access Service Edge (SASE) Solutions for Today’s Work-From-Anywhere (WFA) Environment
Organizations are turning to Secure Access Service Edge (SASE) solutions for securing remote work environments, …Download Whitepaper
Identity Has Breached the Ecosystem
This whitepaper explores the dual nature of identity in cybersecurity, emphasizing its role in both …Download Whitepaper
Fortanix Buyers Guide for Modern Key Management and Data Security
This document underscores the pressing challenges in key management and data securityDownload Whitepaper
Fortanix Data Risk Management – Using Tokenization to Secure Your Data
In today's digital world, organizations prioritize data security. To protect sensitive information, they use tokenization, …Download Whitepaper

Middle-sidebar-banner

Case Studies

Real estate logistics provider GLP steps up to zero trust architecture
With its physical and digital footprint growing, the global firm’s outdated legacy security stack has …Read more
Identity security woes now a thing of the past for Heng Leong Hang
The retail chain was grappling with numerous cyber risks in its IT infrastructure until it …Read more
Indonesia’s cyber defense agency tackles Defender’s Dilemma with new initiatives
The country’s public sector will benefit from three pillars of training, intelligence and capacity-building schemes …Read more
SingAREN showcases what a national research community needs for cyber protection
With threat actors thirsting to steal international research data, what kind of cybersecurity platform can satisfy …Read more

Cybersecurity News in Asia

Featured

What businesses need to know about SEO poisoning

Featured

Immutable data critical to AI projects and cyber resilience

Featured

Preparing for the benefits and risks of quantum computing: Leap or Lag?

Featured

More RATs discovered in official Android app store

Featured

When GenAI chatbots start pretending to be stupid to gain human trust…

Featured

Real estate logistics provider GLP steps up to zero trust architecture

New macOS backdoor discovered

Despite its limited distribution, the backdoor could be part of larger-scale threat campaigns

Related Posts

Leave a reply Cancel reply

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Middle-sidebar-banner

Case Studies

Bottom sidebar