
They discover a virus that steals macOS users’ data

Apple computers are now the new focus of cyber attacks

The cybersecurity company ESET has identified a computer virus that can steal data from Mac users. It does this through various techniques, such as keyloggers, which allow cybercriminals to learn passwords and other information that people type on their computer keyboards.

What is interesting about this cyber attack, which the organization is calling CloudMensis, is that it uses public cloud storage platforms to host the malware, which is downloaded in two steps.

This method of interfering with and infecting user devices in two stages is not new, as it has already been seen in similar cases, where the platform used by the criminals was Discord. But in this case, it is interesting how they manage to connect the first file on the computer with the second file contained in the cloud storage service, thus installing the virus, which gives the attackers access to system information, thereby stealing data such as account numbers and bank passwords.

In addition, cybercriminals not only have access to people’s personal data through keyloggers, but also have access to screenshots.

Despite this, attacks on Apple operating systems are not new, and the same company has just created a tool, strict isolation, that allows blocking functions that criminals usually interfere with to get important information on the computer.

This is the process of infection of Apple computers

As explained by the head of the ESET Latin American research laboratory, this spyware was developed for Intel and Apple. Although it is not known how the attack reached users, it is certain that when the virus manages to control the system, a two-step process occurs. “The first stage downloads and implements the second stage with more features. Interestingly, the first-stage malware removes the next-stage malware from the cloud storage provider,” the expert explains.

In addition, this malware does not use a public link, but contains an access code to download a file called “MyExecute” from disk. In particular, the sample analyzed by ESET used pCloud for storage and delivery of the second stage.

Based on the files downloaded in both phases, it is estimated that the creators named the malware components performance and customer. As mentioned earlier, the first is a downloader, that is, its function is to download and install the second virus, which is a controversial spyware that runs on computers as a program in the background, which is why it goes unnoticed by users.

On the other hand, as suggested by ESET, CloudMensis may have been circulating on the Internet for several years. This is because the investigation found that the first malware, that is, the one that works as a downloader, contained a component called removeRegistration, whose function was to exploit privileges using 4 Safari vulnerabilities (previously patched by Apple) and then run exploits, which are another type of attack that takes control of networks or steals personal information from systems and computers.

As for the second CloudMensis malware, it is a much more complex component, because it is the one that interferes with Mac computers. It comes in a compressed form because it includes several functions that seek to collect documents, screenshots, email attachments and other personal data.

Finally, cybercriminals use cloud storage to store the stolen information. The platforms they use are pCloud, Yandex Disk and Dropbox.



Source: Info Bae
