Cybersecurity experts have uncovered a new malware threat targeting Intel and Apple Silicon-powered Macs, named ‘Cuckoo’. This malicious software not only infects the system but also acts as spyware, stealing sensitive information such as passwords and crypto wallets.
The discovery of ‘Cuckoo’ was made by security experts Adam Kohler and Christopher Lopez from Kandji, a device management company. They stumbled upon an undetected Mach-O binary on VirusTotal named “DumpMedia Spotify Music Converter”. Further investigation revealed that the malware was distributed through websites like dumpmedia, tunesolo, fonedog, and others, offering illegal downloads of music from streaming services like Spotify.
What sets ‘Cuckoo’ apart is its dual functionality as both infostealer malware and spyware, capable of affecting both new and old Macs. The malware can steal information from various apps, take screenshots, and even gain system privileges by tricking users into entering their passwords through fake prompts.
To protect against ‘Cuckoo’, cybersecurity experts advise users to avoid downloading apps from suspicious websites offering pirated content. Additionally, users should be cautious when running programs on macOS that do not have a verified developer ID, unless they are from a trusted source.
With the increasing sophistication of malware like ‘Cuckoo’, it is crucial for Mac users to stay vigilant and adopt best practices for cybersecurity to safeguard their personal information and digital assets.