CloudMensis Mac


A recent threat called CloudMensis has been infecting a growing number of users. CloudMensis is one of the latest Trojan horse viruses and it’s of critical importance that infections be dealt with as soon as possible.

The CloudMensis malware detected by multiple antivirus programs in VirusTotal

There is probably not a single Internet user who has never heard about Trojan horse viruses. The representatives of this malware category are, by far, some of the nastiest infections that you may encounter while browsing the World Wide Web and they are responsible for more than 70% of all malicious attacks worldwide. The secret to their success lies in their lack of symptoms and the stealthy methods of distribution that they can use in order to sneak inside the users’ computers.

Most commonly, Trojans are distributed via spam emails, malicious attachments, fake ads, misleading links like Search Marquis, QSearch, cracked and pirated software, torrents, etc. Usually, they are hidden either in a hyperlink, which you are asked to click on, or in an attached file, which you may also be asked to open. In this case, the file may be the most harmless-looking thing: an archive, a document, a PDF file, an image or a video. When you open it, however, the virus is automatically loaded into your system where it hides very deeply and begins to act in accordance with what it has been programmed for. A single Trojan horse can damage the system in a number of ways and can perform a variety of criminal tasks in the background if left to operate for a sufficient period of time. In this article, we will discuss a specific representative of this nefarious malware group called CloudMensis.

If you’ve come to us because you have found this nasty Trojan in your system, then you definitely need to read the information that follows and take action to safely remove the infection before anything bad and irreversible happens. The removal guide presented below may be very useful for you because it contains a set of manual steps and a professional removal tool that can help you locate and delete the infected files that are related to the Trojan. We highly recommend that you follow the removal instructions exactly as they are written or use the removal tool to avoid accidental deletion of vital system files which, in turn, can lead to irreversible consequences for the stability of your OS.

CloudMensis on Mac

Trojans can have several targets on your Mac at once and that’s why it is essential to remove CloudMensis immediately after you notice It. Sadly, we cannot tell you with certainty what exactly CloudMensis might be programmed to do in each instance of infection but we can give you an idea of what it might be capable of by listing some of the most common consequences of a typical Trojan horse attack.

For instance, most Trojan-based viruses can do an excellent job at inserting other viruses and malware programs such as ransomware or spyware and deleting certain files on the victim’s computer, thus causing serious data loss. Another common use of this type of malware is for espionage and unauthorized remote control. The hackers behind CloudMensis may be interested in spying on your actions in order to steal some sensitive information or passwords and login credentials, which can later help them blackmail you, drain your bank accounts or steal your online profiles.

Another option is real-time surveillance, during which your webcam and microphone may get hacked and directly stream what’s happening in your room to the hacker’s servers. Of course, those are only a small number of all the potential forms of harm that may occur, and that is precisely why you must never allow a Trojan to stay on your computer for long.


Danger LevelHigh (Trojans are often used as a backdoor for Ransomware)
Detection Tool

Remove CloudMensis from Mac

For a quick way to remove CloudMensis try to do this inside your Mac browser:

  1. Open your Mac browser.
  2. Go to Preferences.
  3. Now navigate to the extensions sub-menu.
  4. Look for any unfamiliar entries, including CloudMensis.
  5. Remove CloudMensis from your Mac as well as any other suspicious-looking items by clicking on the trash bin icon.

If this does not help then continue reading this article for more detailed instructions on how to get rid of CloudMensis!


The first thing you need to do is to Quit Safari (if it is opened). If you have trouble closing it normally, you may need to Force Quit Safari:

You can choose the Apple menu and click on Force Quit.

Alternatively, you can simultaneously press (the Command key situated next to the space bar), Option (the key right next to it) and Escape (the key located at the upper left corner of your keyboard).

If you have done it right a dialog box titled Force Quit Applications will open up.

In this new dialog window select Safari, then press the Force Quit button, then confirm with Force Quit again.

Close the dialog box/window.



Start Activity Monitor by opening up Finder, then proceed to

Once there, look at all the processes: if you believe any of them are hijacking your results, or are part of the problem, highlight the process with your mouse, then click the “i” button at the top. This will open up the following box:


Now click on Sample at the bottom:


Do this for all processes you believe are part of the threat, and run any suspicious files in our online virus scanner, then delete the malicious files:

Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
This scanner is free and will always remain free for our website's users.
This file is not matched with any known malware in the database. You can either do a full real-time scan of the file or skip it to upload a new file. Doing a full scan with 64 antivirus programs can take up to 3-4 minutes per file.
Drag and Drop File Here To Scan
Drag and Drop File Here To Scan
Analyzing 0 s
Each file will be scanned with up to 64 antivirus programs to ensure maximum accuracy
    This scanner is based on VirusTotal's API. By submitting data to it, you agree to their Terms of Service and Privacy Policy, and to the sharing of your sample submission with the security community. Please do not submit files with personal information if you do not want them to be shared.

    The next step is to safely launch Safari again. Press and hold the Shift key while relaunching Safari. This will prevent Safari’s previously opened pages from loading again. Once Safari is opened up, you can release the Shift key.

    On the off chance that you are still having trouble with scripts interrupting the closing of unwanted pages in Safari, you may need to take some additional measures.

    First, Force Quit Safari again.

    Now if you are using a Wi-Fi connection turn it off by selecting Wi-Fi off in you Mac’s Menu. If you are using a cable internet (Ethernet connection), disconnect the Ethernet cable.


    Re-Launch Safari but don’t forget to press and hold the Shift button while doing it, so no previous pages can be opened up. Now, Click on Preferences in the Safari menu,

    Preferences in Safari

    and then again on the Extensions tab,

    extensions in safari

    Select and Uninstall any extensions that you don’t recognize by clicking on the Uninstall button. If you are not sure and don’t want to take any risks you can safely uninstall all extensions, none are required for normal system operation.

    The threat has likely infected all of your browsers. The instructions below need to be applied for all browsers you are using.

    Again select Preferences in the Safari Menu, but this time click on the Privacy tab,
    Privacy in Safari

    Now click on Remove All Website Data, confirm with Remove Now. Keep in mind that after you do this all stored website data will be deleted. You will need to sign-in again for all websites that require any form of authentication.

    Still in the Preferences menu, hit the General tab

    General Tab in Safari

    Check if your Homepage is the one you have selected, if not change it to whatever you prefer.
    Default Home Page

    Select the History menu this time, and click on Clear History. This way you will prevent accidentally opening a problematic web page again.

     How to Remove CloudMensis From Firefox in OSX:

    Open Firefoxclick on mozilla menu (top right) ——-> Add-onsHit Extensions next.

    pic 6

    The problem should be lurking somewhere around here –  Remove it. Then Refresh Your Firefox Settings.

    How to Remove CloudMensis From Chrome in OSX:

     Start Chrome, click chrome menu icon —–>More Tools —–> Extensions. There,  find the malware and  select  chrome-trash-icon.

    pic 8

     Click chrome menu icon again, and proceed to Settings —> Search, the fourth tab, select Manage Search Engines.  Delete everything but the search engines you normally use. After that Reset Your Chrome Settings.

    If the guide doesn’t help, download the anti-virus program we recommended or try our free online virus scanner. Also, you can always ask us in the comments for help!


    About the author


    Violet George

    Violet is an active writer with a passion for all things cyber security. She enjoys helping victims of computer virus infections remove them and successfully deal with the aftermath of the attacks. But most importantly, Violet makes it her priority to spend time educating people on privacy issues and maintaining the safety of their computers. It is her firm belief that by spreading this information, she can empower web users to effectively protect their personal data and their devices from hackers and cybercriminals.

    Leave a Comment