
New malware for mac called CloudMensis



Perhaps it has been updated, but the CloudMensis LaunchDaemon (.com.apple.WindowServer.plist) was detected as OSX.Generic.Suspicious on the 20th.

Edit: Reran scan and it did pick up five of the six CloudMensis files I created and identified them as OSX.CloudMensis Malware. The one it missed was /Library/WebServer/share/httpd/manual/WindowServer, perhaps because it's not a threat.

The LaunchDaemon is also still detected as OSX.Generic.Suspicious which must mean it matches an additional criterion that I hadn't considered.

As far as I've heard, the mechanism of delivery is still unknown, but was judged to be a limited, targeted attack.

Edited by alvarnell

13 hours ago, alvarnell said:

As far as I've heard, the mechanism of delivery is still unknown, but was judged to be a limited, targeted attack.

Yup, that's correct. There may even be some question about whether this particular variant is even still in circulation.

For a lot of these kinds of targeted attacks, we never see any detections. That could be because the attacker chooses not to target machines with antivirus, for fear of having their malware be discovered. It could also be because it's used to target people in Asia - which is the case with a fair bit of recent malware - where we have a very small user base. (In this case, we don't know who is being targeted.)


13 hours ago, alvarnell said:

Perhaps it has been updated, but the CloudMensis LaunchDaemon (.com.apple.WindowServer.plist) was detected as OSX.Generic.Suspicious on the 20th.

Looking back at the details, I see that there is an old rule that would have detected this plist file as OSX.Generic.Suspicious. That one's been around for a while, so it would have detected this file a long time before we added more specific detections for CloudMensis.

