New Mac Malware ‘Cuckoo’: A Rising Threat to Your Apple Devices

Key Takeaways:

  • Cuckoo, named by Kandji researchers, is a new form of Mac malware that targets both newer and older Macs and behaves like both an infostealer and spyware.
  • Once a user downloads a dubious music conversion application, the malware begins its malicious activity, tricks the user into granting it system privileges, and then persists even after a system reboot.
  • To avoid falling victim to Cuckoo, stay away from piracy sites and consider using reputable antivirus software, which offers more frequent updates and additional features, alongside Apple’s XProtect.

Grappling with the New Cuckoo Malware

Mac users need to amp up their cybersecurity as there’s a new threat in town – Cuckoo. This new malware, reported by The Hacker News and named by Kandji security researchers, targets both new Macs running Apple Silicon and older Macs that use Intel processors. What sets Cuckoo apart is its dual behavior: it acts as both infostealer malware and spyware.

Cuckoo’s Modus Operandi

Kandji researchers Adam Kohler and Christopher Lopez first discovered Cuckoo when they stumbled on a Mach-O binary that had gone undetected on the malware-tracking site VirusTotal. The file was named “DumpMedia Spotify Music Converter,” which raised suspicions.

Further exploration revealed a site called dumpmedia[.]com, which hosts an array of apps that help users illicitly convert music from streaming services to MP3 files. Currently, Cuckoo’s primary distribution channel is music piracy sites, but there’s a risk that it could switch to spreading through other fake apps.

The entry point for the malware is the DumpMedia Spotify Music Converter app. Unlike conventional macOS apps, this one instructs users to launch it by right-clicking and selecting Open.

Establishing Persistence and Escalating Privileges

Cuckoo’s malicious activity starts once it’s downloaded. It first asks users to enter their password through a fake prompt, a ploy also used by the MacStealer malware. Once it has the system password, Cuckoo escalates its privileges on the infected machine. It then begins to analyze installed apps, take screenshots, and gather data from sources like iCloud Keychain, Apple Notes, web browsers, crypto wallets, and apps such as Discord, FileZilla, Steam, and Telegram.

Cuckoo adopts the LaunchAgent technique to persist on the Mac, ensuring its activity restarts after a reboot. It also checks the Mac’s location and refrains from stealing sensitive data if the device is in Armenia, Belarus, Kazakhstan, Russia, or Ukraine.
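
A defender-side audit of the LaunchAgent persistence described above, as an added example that is not from the original article or from Kandji's research: it parses LaunchAgent property lists and flags auto-starting jobs whose executable sits in a hidden or world-writable location. The flagging heuristics, the function names and the sample plists are assumptions made for illustration, not Cuckoo indicators.

```python
import plistlib
from pathlib import Path, PurePosixPath

# Standard per-user and system-wide LaunchAgent directories on macOS.
AGENT_DIRS = ("~/Library/LaunchAgents", "/Library/LaunchAgents")
# Assumed heuristic: world-writable places vendors rarely run agents from.
SUSPECT_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")

def review_agent(plist_bytes):
    """Return reasons why a LaunchAgent definition deserves a closer look."""
    try:
        job = plistlib.loads(plist_bytes)
        # launchd runs Program if present, else ProgramArguments[0].
        cmd = job.get("Program") or (job.get("ProgramArguments") or [None])[0]
    except Exception:
        return ["unparseable plist"]
    if not isinstance(cmd, str):
        return ["no executable declared"]
    reasons = []
    # RunAtLoad / KeepAlive are what bring the job back after a reboot.
    if job.get("RunAtLoad") or job.get("KeepAlive"):
        if any(p.startswith(".") for p in PurePosixPath(cmd).parts):
            reasons.append("auto-start from hidden directory")
        if cmd.startswith(SUSPECT_PREFIXES):
            reasons.append("auto-start from world-writable location")
    return reasons

def scan(dirs=AGENT_DIRS):
    """Map each flagged plist under the given directories to its reasons."""
    findings = {}
    for d in dirs:
        for f in sorted(Path(d).expanduser().glob("*.plist")):
            reasons = review_agent(f.read_bytes())
            if reasons:
                findings[str(f)] = reasons
    return findings

# Constructed samples; labels and paths are invented, not Cuckoo indicators.
SAMPLES = {
    "vendor": plistlib.dumps({"Label": "com.example.updater", "RunAtLoad": True,
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]}),
    "hidden": plistlib.dumps({"Label": "com.example.sync", "RunAtLoad": True,
        "ProgramArguments": ["/Users/alice/.local-sync/sync", "--quiet"]}),
    "shared": plistlib.dumps({"KeepAlive": True, "Program": "/Users/Shared/helper"}),
}

if __name__ == "__main__":
    print({n: review_agent(d) for n, d in SAMPLES.items()}, scan())
```

On a Mac, `scan()` with no arguments reads the per-user and system-wide LaunchAgents directories; a flagged entry is a prompt for review, not proof of infection.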

Safeguarding Your Mac from Cuckoo

Cuckoo spreads mainly through piracy websites, which are notorious for their malware risks. These illegal activities also harm creators. Therefore, it is advisable to stay away from such websites.

Does this mean your Mac is vulnerable? Not necessarily. Macs come with built-in antivirus software – Apple’s XProtect. It offers decent protection, but you may want to supplement it with other robust Mac antivirus programs.

Paid antivirus programs offer frequent updates, more features, and often provide additional services such as access to a Virtual Private Network (VPN) or password manager, providing robust protection against emerging threats like Cuckoo.

In conclusion, it’s crucial to stay vigilant and practice safe browsing habits. One way to keep Cuckoo at bay is to avoid websites offering unlawful music download services.
