I see what you did there: A look at the CloudMensis macOS spyware

2022-07-19 ESET

https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/


ESET analyzed CloudMensis, a macOS spyware family discovered in April 2022 that uses public cloud storage services such as pCloud, Yandex Disk, and Dropbox for command exchange and data exfiltration. The malware follows a two-stage flow in which a downloader installs a more capable spy agent as a system-wide daemon after code execution and administrative privileges are obtained. The second stage collects documents, keystrokes, screenshots, email attachments, and other sensitive data from compromised Macs while maintaining encrypted local configuration. ESET also found legacy Safari exploit cleanup code tied to patched 2017 vulnerabilities, suggesting the toolset may have been in use for years even though the initial compromise vector remained unknown.

Indicators of Compromise

Type  Value                              First Seen  Last Seen
HASH  0aa94d8df1840d734f25426926e5295…   2022-07-19  2022-07-19
HASH  d7bf702f56ca53140f4f03b590e9afc…   2022-07-19  2022-07-19
HASH  c3e48c2a2d43c752121e55b909fc705…   2022-07-19  2022-07-19
