Security researchers have recently unveiled a new malware threat targeting macOS, which they’ve named “Cuckoo.” This malware, reminiscent of the brood parasitic behavior of its namesake bird, infiltrates macOS systems to steal resources and personal data. Detected on April 24th, 2024, Cuckoo was first identified in a Mach-O binary file masquerading as a legitimate application called “DumpMediaSpotifyMusicConverter,” which purports to convert Spotify music to MP3 format. This malware is versatile, functioning on both Intel and ARM-based Macs, indicating its capability to affect a broad range of devices.
Cuckoo’s method of entry into systems typically involves a disk image (DMG) file downloaded from a suspicious website mimicking legitimate services. Once executed, the malware conducts a series of checks to determine the suitability of the infected system for its nefarious purposes. Interestingly, it avoids infecting systems located in specific Eurasian countries like Armenia, Belarus, Kazakhstan, Russia, and Ukraine, suggesting a targeted approach in its operations.
Upon confirming a system as a viable target, Cuckoo commences its malicious activities. It is designed to perform extensive data theft, which includes harvesting keychain data, screen captures, webcam images, browsing histories, cookies, and even logs from messaging apps such as WhatsApp and Telegram. The malware also targets sensitive financial information by extracting details from cryptocurrency wallets, SSH keys, and other authentication credentials. This stolen data is subsequently sent to a command-and-control server managed by the attackers.
To ensure its continued operation and evasion from detection, Cuckoo installs a launch agent that allows it to persist even after the system reboots. Additionally, the malware employs advanced techniques to encrypt its network traffic and only activates its malicious components under specific conditions to avoid exposure. This level of sophistication in both functionality and evasion tactics makes Cuckoo a potent and concerning threat to macOS users, emphasizing the need for vigilance and robust cybersecurity measures.