Attacks with the new Cuckoo information-stealing malware, which also has spyware features, have targeted Intel- and Arm-based macOS devices, The Hacker News reports.
Malicious websites purporting to offer free and paid versions of apps that convert streaming music to MP3s have been used to host the Cuckoo malware, which is a universal Mach-O binary. The websites allow the download of a disk image file that spawns a bash shell that not only obtains host data but also checks device location prior to execution, according to a Kandji report.
Aside from using a LaunchAgent to ensure persistence, the Cuckoo infostealer also uses osascript to allow privilege escalation before proceeding with hardware data extraction, capture of current processes and screenshots, and data exfiltration from browsers, cryptocurrency wallets, and apps, including Discord, iCloud Keychain, and Telegram, researchers said.
The findings follow a SentinelOne report detailing the emergence of a novel AdLoad malware variant designed to bypass Apple's XProtect malware signature list.