Published: August 22, 2022 in our Security Fraud News & Alerts Newsletter.
Researchers at ESET recently discovered a new spyware aimed squarely at macOS devices and the privacy of their owners. They named this spyware CloudMensis for its ability to attack cloud services like pCloud and Dropbox. Most users agree that finding spyware on their device is flat-out creepy. But it’s when bad actors put stolen PII (personally identifiable information) to work that further damage to the user almost always happens.
According to ESET, this spyware bypasses built-in macOS protections, allowing it to spy on you and exfiltrate your data files. An ESET researcher notes, “Usage of vulnerabilities to work around macOS mitigations shows that the malware operators are actively trying to maximize the success of their spying operations.”
Should any Mac owner wonder if keeping their device software patched and up to date really makes a difference, the answer is YES. For example, when CloudMensis enters a device, it also looks to exploit unpatched macOS vulnerabilities and get past the macOS TCC (Transparency, Consent, and Control) system. TCC helps users set and limit privacy permissions, including for each app. Bypassing TCC gives CloudMensis operators unfettered permission to spy at will on unpatched devices.
Sumo Logic’s Chief Security Officer finds that the transition to remote work due to the pandemic helps spread spyware like CloudMensis. Working from home on personal computers is a security risk, and this CSO says, “This combines personal data with enterprise data, creating a pool of vulnerable and desirable data for hackers…”
Help Keep CloudMensis Spyware from Invading Your macOS
Always update system and app software as soon as updates are available. Security patches and updates help prevent malware from invading a device, just one of many reasons they exist.
Always use a reputable anti-virus solution. AV software searches for malware and removes it from an infected device.
Always pay close attention to permission requests, especially when downloading an app. They can be fast and fleeting, which is why hackers hope we don’t read them and just click “yes.” Make sure permissions make sense for what you’re downloading.
Always use the strongest device and software security settings, including 2FA (two-factor authentication) when available. 2FA provides an additional layer of user authentication, keeping outsiders from accessing important PII.
Always download apps from the official app stores and not third-party sources. Hackers love spreading their infected apps wherever they can, and there’s no need to help them.