New Mac Malware “Cuckoo” Spies on Your System
Researchers from Kandjii have identified a new piece of malicious software named Cuckoo, targeted at Apple macOS systems. This malware not only establishes a persistent presence in infected systems but also performs a range of dangerous espionage functions.
Cuckoo is a universal binary file in Mach-O format, capable of operating on Apple computers with both Intel and Arm processors. While the exact methods of distribution remain unclear, it has been observed that the malware spreads through various websites such as “dumpmedia[.]com” and “tunesfun[.]com,” which offer both free and paid applications for downloading music from streaming services.
The DMG file downloaded from these sites triggers a bash script that gathers system information and checks whether the victim’s computer is located in Russia, Belarus, Kazakhstan, Armenia, or Ukraine. The virus activates only if the compromised device is situated in any other country.
Cuckoo also uses the LaunchAgent technique to ensure its persistence in the system, a method previously employed by other malware families. Moreover, the virus uses the “osascript” tool to display a fake password request, attempting to obtain elevated system privileges from the user.
According to Adam Koler and Christopher Lopez, researchers at Kandjii, the Cuckoo malware actively searches for files from specific applications to maximize the effective extraction of information from the system. Thus, the virus is capable of extracting data about hardware, current processes, installed applications, taking screenshots, and retrieving data from iCloud Keychain, the built-in Notes app, browsers, cryptocurrency wallets, and applications such as Discord, FileZilla, Steam, and Telegram.
This discovery follows Kandjii’s recent identification of another malicious software named CloudChat, which masquerades as a secure messaging app and targets macOS users whose IP addresses do not indicate presence in China.
Consequently, to protect their devices, users must install software only from trustworthy sources, regularly update their operating system and antivirus programs, and monitor the permissions requested by applications. Meanwhile, heightened vigilance and awareness of current cyber threats will further secure their devices and data.