New ‘Cuckoo’ Persistent macOS Spyware Targeting Intel and Arm Macs

May 6, 2024 at 04:39AM

Cybersecurity researchers have discovered a new information stealer targeting Apple macOS systems. Dubbed Cuckoo by Kandji, the malware is built as a universal binary that runs on both Intel- and Arm-based Macs, and it establishes persistence with a LaunchAgent. It gathers extensive information from the system and tricks users into entering their passwords through a fake prompt. The same report references another stealer, codenamed CloudChat, that masquerades as a privacy-oriented messaging app and is adept at grabbing crypto private keys and related wallet data.

Key points from the report:

1. Kandji researchers discovered a new information stealer targeting Apple macOS systems and dubbed it Cuckoo.
2. The malware is distributed through websites offering free and paid versions of applications for ripping music from streaming services.
3. It establishes persistence with a LaunchAgent and uses osascript to display a fake password prompt; the login password it captures is what it relies on to escalate privileges.
4. Once running, it executes commands to extract hardware information, captures the list of running processes, queries installed apps, takes screenshots, and harvests data from a range of applications and services.
5. The malicious applications are signed with Developer IDs issued to Yian Technology Shenzhen Co., Ltd and FoneDog Technology Limited, so a valid Developer ID signature on its own is no indication that an app is safe.
6. Kandji, an Apple device management company, had earlier exposed another stealer codenamed CloudChat.
7. Separately, researchers found a new variant of the AdLoad malware, written in Go and called Rload, that is engineered to evade Apple's XProtect signature list and is distributed through malicious websites.
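The three behaviours above that a defender can check for on an endpoint are the LaunchAgent persistence, the osascript password prompt, and the named Developer ID signers. The following Python triage helpers are an added example and are not code from Kandji or The Hacker News. The LaunchAgent plist, the process-execution log lines and the `codesign -dvv` output are constructed inline; the agent label, app name, dialog text and the placeholder team ID are assumptions, not indicators taken from the report.

```python
"""Triage checks for the Cuckoo behaviours listed above: LaunchAgent persistence,
an osascript password prompt, and the named Developer ID signers.

Added example, not code from Kandji or The Hacker News. The plist, exec-log
lines and codesign output are constructed; the agent label, app name, dialog
text and the placeholder team ID are assumptions, not indicators from the report.
"""
import plistlib
import re

# Locations a non-root stealer can write to; a legitimate agent's program
# normally lives under /Applications, /usr or /System.
USER_WRITABLE = ("/Users/", "/tmp/", "/private/tmp/", "/var/folders/", "/private/var/folders/")

# Signer names quoted in the report. Matching on the name alone is weak
# (any certificate can carry a look-alike name); a production check pins
# the Team ID in the parentheses as well.
FLAGGED_SIGNERS = ("Yian Technology Shenzhen Co., Ltd", "FoneDog Technology Limited")

# Constructed ~/Library/LaunchAgents/com.user.loginscript.plist (label and path assumed).
SAMPLE_AGENT = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>Label</key><string>com.user.loginscript</string>
  <key>ProgramArguments</key><array>
    <string>/Users/alice/Library/Application Support/MusicConverter/MusicConverter</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>
"""

# Constructed process-execution records (one line per exec, EDR-style).
SAMPLE_EXEC_LOG = [
    "2024-05-03T10:12:41Z exec pid=4123 ppid=4101 argv=/usr/bin/osascript -e "
    "'display dialog \"System Settings needs your password to continue.\" "
    "default answer \"\" with hidden answer with icon caution'",
    "2024-05-03T10:12:42Z exec pid=4124 ppid=4101 argv=/usr/bin/osascript -e "
    "'display notification \"Conversion finished\"'",
    "2024-05-03T10:12:43Z exec pid=4125 ppid=4101 argv=/usr/sbin/system_profiler SPHardwareDataType",
]

# Constructed `codesign -dvv` output for the dropped app (team ID is a placeholder).
SAMPLE_CODESIGN = """Executable=/Applications/MusicConverter.app/Contents/MacOS/MusicConverter
Identifier=com.example.musicconverter
Authority=Developer ID Application: FoneDog Technology Limited (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
"""


def launch_agent_findings(plist_bytes):
    """Return the reasons a LaunchAgent plist looks like stealer persistence."""
    plist = plistlib.loads(plist_bytes)
    program = plist.get("Program") or (plist.get("ProgramArguments") or [None])[0]
    if not program:
        return ["no Program/ProgramArguments: nothing would be launched"]
    findings = []
    if plist.get("RunAtLoad"):
        findings.append("RunAtLoad: relaunched at every login")
    if plist.get("KeepAlive"):
        findings.append("KeepAlive: launchd restarts it if it exits")
    if program.startswith(USER_WRITABLE):
        findings.append(f"program in user-writable path: {program}")
    if re.match(r"com\.(apple|user)\.", plist.get("Label", "")):
        findings.append(f"label mimics a system/default name: {plist['Label']}")
    return findings


def is_password_dialog(argv):
    """True when an osascript command line builds a masked-input dialog.
    `default answer` adds a text field and `with hidden answer` masks it,
    which is exactly what a fake password prompt needs."""
    tokens = argv.split()
    if not tokens or "osascript" not in tokens[0]:
        return False
    text = " ".join(tokens).lower()
    return all(k in text for k in ("display dialog", "default answer", "hidden answer"))


def scan_exec_log(lines):
    """Return (pid, argv) for every exec record that raises a password dialog."""
    hits = []
    for line in lines:
        m = re.search(r"\bpid=(\d+)\b.*?\bargv=(.*)$", line)
        if m and is_password_dialog(m.group(2)):
            hits.append((int(m.group(1)), m.group(2)))
    return hits


def flagged_signer(codesign_output):
    """Return the flagged Developer ID name in `codesign -dvv` output, else None."""
    for line in codesign_output.splitlines():
        if line.startswith("Authority=Developer ID Application:"):
            signer = line.split(":", 1)[1].strip()
            for name in FLAGGED_SIGNERS:
                if signer.startswith(name):
                    return name
    return None


if __name__ == "__main__":
    for f in launch_agent_findings(SAMPLE_AGENT):
        print("agent:", f)
    for pid, argv in scan_exec_log(SAMPLE_EXEC_LOG):
        print(f"password dialog from pid {pid}: {argv}")
    print("signer:", flagged_signer(SAMPLE_CODESIGN))
```

On a real Mac the inputs come from `~/Library/LaunchAgents/*.plist`, from whatever process-execution telemetry the EDR or unified log provides, and from `codesign -dvv <app>` (its details go to stderr). None of the three checks is conclusive on its own: legitimate agents use RunAtLoad, admin scripts sometimes ask for a password via osascript, and a signer name can be imitated, so treat a hit as a triage lead to be confirmed against the binary itself.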
