Security experts warn users of Cuckoo, a new Mac malware that steals all your data | Technology News

Cybersecurity experts have discovered a new malware infecting Intel and Apple Silicon-powered Macs. Dubbed ‘Cuckoo’, the malware also doubles up as spyware, stealing sensitive information like passwords and crypto wallets.

According to The Hacker News, the malware was first discovered by the device management company Kandji. Security experts Adam Kohler and Christopher Lopez, who work for Kandji say that they recently came across an undetected Mach-O binary on the popular threat tracking website VirusTotal named “DumpMedia Spotify Music Converter”.

When they searched for the name of the program on Google, the researchers discovered that it was distributed on a website called “dumpmedia” which allows users to illegally download music from streaming services like Spotify by converting the songs into MP3 files. It was later also distributed using the same method on websites like tunesolo, fonedog, tunesfun and funefab to name a few.

What sets Cuckoo apart from other malware is that it acts as a combination of infostealer malware and spyware and that it can affect both new and old Macs.

Cuckoo Mac malware Cuckoo steals information from apps like Telegram and can also take screenshots of everything you do. (Image Source: Kandji)

How does Cuckoo work and what does it do?

After users download the DumpMedia Spotify Music Converter or any other music converter apps from the list above, the spyware asks users to right-click on the file and press the ‘Open’ button. This is sketchy as you can simply install macOS apps by dragging them into the Applications folder.

Festive offers

Since the app lacks a developer ID, Apple will try to stop the program from running on your system, but users can manually override the settings and let the program run.

Cybersecurity experts say just like the MacStealer malware, Cuckoo makes use of a script that displays a fake password prompt to steal your system password. After it steals the user password, it can then easily get system privileges on the machine.

Using this elevated privilege, the malware then creates a list of installed apps, takes screenshots and steals information from apps like Apple Notes, internet browsers, crypto wallets and even messaging apps like Telegram and Discord. The malware also uses a technique called LaunchAgent, making it possible for the malware to get back into action even when the user reboots their laptop or desktop.

How do I protect myself from cuckoos?

Since the malware is often distributed via apps that allow users to download pirated music from streaming services, make sure you avoid installing apps from any such sites. Also, refrain from running programs on macOS that do not have a developer ID unless they are from a source you trust.