Mac users, beware. There's a new malware hiding amongst third-party apps that can steal your sensitive data. Everything from your Mac's hardware information to your notes and saved passwords can be stolen. It can even capture screenshots of your computer while you use it.
This malware has been named Cuckoo by Kandji, an Apple device security company which recently published a report about its discovery. Here are some of the most alarming details about Cuckoo.
According to Kandji's report, Cuckoo was initially found packaged with a Spotify music downloader app called "DumpMedia Spotify Music." The app claims to help users rip music off of Spotify so they can directly download the audio file as an MP3.
Upon further investigation, however, Cuckoo was discovered with a number of other third-party music downloader apps and iPhone/Android backup software distributed by websites such as "tunesolo[.]com, fonedog[.]com, tunesfun[.]com, tunefab[.]com."
The report focuses on the DumpMedia Spotify Music app, which is where Cuckoo was initially discovered, and lays out some interesting details. For example, after downloading most legitimate Mac apps distributed outside of Apple's official App Store, a user is usually asked to drag the app from the .DMG file to the computer's Applications folder. However, in the case of DumpMedia Spotify Music, the user is directed to right-click the app and choose "Open."
From there, the malware starts gathering information from the host device. The Mac user who initiated the download would be none the wiser, however, as Kandji's report notes that DumpMedia Spotify Music proceeds to install and open in order to obscure the malware.
Once the user installs the DumpMedia Spotify Music app, Cuckoo gets right to work.
According to Kandji, Cuckoo gathers hardware details about the Mac, along with information about installed apps and processes that are currently running on the computer.
Cuckoo can steal a substantial amount of user information from the Mac, too. It pulls data from Apple Notes and messaging apps, including Discord and Telegram.
It can collect Safari web-browsing history and cookies, as well as sensitive data stored in iCloud Keychain. Cuckoo can also grab real-time data, as it can take screenshots without the user being aware that their current screen is being recorded.
Kandji says that the malware can target the older Intel-based Macs as well as the newer Apple silicon Macs (M1, M2, M3, etc.).
All but one of the apps found to contain Cuckoo malware were registered to a "valid Developer ID of Yian Technology Shenzhen Co., Ltd." The exception, Fonedog's app, was tied to a Developer ID of FoneDog Technology Limited. Kandji believes there are other websites and applications hosting the Cuckoo malware that have yet to be discovered.
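For defenders who want to triage installed apps against the two Developer ID names quoted above, the following added example (not from Kandji's report or this article's author) parses the output of macOS's `codesign -dvv` and flags bundles whose signing certificate carries one of those names. The sample output and the Team ID in it are constructed placeholders, and a match is a reason to review the app, not proof of infection.

```python
import re
import subprocess

# Developer ID names exactly as quoted in the article; a match is a triage
# signal for review, not proof that a given bundle carries Cuckoo.
REPORTED_SIGNERS = (
    "Yian Technology Shenzhen Co., Ltd.",
    "FoneDog Technology Limited",
)
# The first Authority line of `codesign -dvv` is the leaf (signing) certificate.
LEAF_RE = re.compile(r"^Authority=Developer ID Application: (.+) \(([A-Z0-9]+)\)$", re.M)

def normalise(name):
    """Case-fold and drop punctuation so 'Co., Ltd.' and 'Co. Ltd' compare equal."""
    return re.sub(r"[^a-z0-9]+", " ", name.lower()).strip()

def leaf_signer(codesign_text):
    """Return (developer_name, team_id), or None when no Developer ID leaf is present."""
    m = LEAF_RE.search(codesign_text)
    return (m.group(1), m.group(2)) if m else None

def triage(codesign_text):
    """Classify one bundle: 'reported-signer', 'other-signer' or 'no-developer-id'."""
    signer = leaf_signer(codesign_text)
    if signer is None:
        return "no-developer-id"
    wanted = {normalise(n) for n in REPORTED_SIGNERS}
    return "reported-signer" if normalise(signer[0]) in wanted else "other-signer"

def codesign_output(app_path):
    """Run codesign on macOS; it writes the -d details to stderr."""
    proc = subprocess.run(["codesign", "-dvv", app_path], capture_output=True, text=True)
    return proc.stderr

# Constructed sample output; the Team ID is a placeholder, not a real identifier.
SAMPLE_FLAGGED = """Executable=/Applications/Example.app/Contents/MacOS/Example
Authority=Developer ID Application: Yian Technology Shenzhen Co., Ltd. (PLACEHOLD1)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=PLACEHOLD1
"""
SAMPLE_OTHER = SAMPLE_FLAGGED.replace("Yian Technology Shenzhen Co., Ltd.", "Example Software Inc.")
SAMPLE_ADHOC = "Executable=/Applications/Example.app/Contents/MacOS/Example\nSignature=adhoc\n"

if __name__ == "__main__":
    for label, text in [("flagged", SAMPLE_FLAGGED), ("other", SAMPLE_OTHER), ("adhoc", SAMPLE_ADHOC)]:
        print(label, triage(text), leaf_signer(text))
```

On a Mac, `triage(codesign_output("/Applications/Some.app"))` applies the same check to a real bundle.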
Mac users should proceed with caution when downloading any apps from unknown, third-party developers.