New Mac malware ‘Cuckoo’ can take screenshots of your desktop and other creepy actions

The malware, dubbed Cuckoo, was caught being distributed with a Spotify music downloader

Mac users, beware. There’s a new malware hiding amongst third-party apps that can steal your sensitive data. Everything from your Mac’s hardware information to your notes and saved passwords can be stolen. It can even capture screenshots of your computer while you use it.

This malware has been named Cuckoo by Kandji, an Apple device security company which recently published a report about its discovery. Here are some of the most alarming details about Cuckoo.

Where Cuckoo was found hiding

According to Kandji’s report, Cuckoo was initially found packaged with a Spotify music downloader app called “DumpMedia Spotify Music.” The app claims to help users rip music off of Spotify so they can directly download the audio file as an MP3.

Upon further investigation, however, Cuckoo was discovered with a number of other third-party music downloader apps and iPhone/Android backup software distributed by websites such as “tunesolo[.]com, fonedog[.]com, tunesfun[.]com, tunefab[.]com.”

The report focuses on the DumpMedia Spotify Music app, which is where Cuckoo was initially discovered, and lays out some interesting details. For example, after downloading most legitimate Mac apps distributed outside of Apple’s official App Store, a user is usually asked to drag the app from the .DMG file to the computer’s Applications folder. However, in the case of DumpMedia Spotify Music, the user is directed to right-click the app and choose “Open.”

From there, the malware starts gathering information from the host device. The Mac user who initiated the download would be none the wiser, however, as Kandji’s report notes that the DumpMedia Spotify Music app proceeds to install and open in order to obscure the malware.

What does Cuckoo steal?

Once the user installs the DumpMedia Spotify Music app, Cuckoo gets right to work.

According to Kandji, Cuckoo gathers hardware details about the Mac, along with information about installed apps and processes that are currently running on the computer.

Cuckoo can steal a substantial amount of user information from the Mac, too. It pulls data from Apple Notes and messaging apps, including Discord and Telegram.

It can collect Safari web-browsing history and cookies, as well as sensitive data stored in iCloud Keychain. Cuckoo can also grab real-time data, as it can take screenshots without the user being aware that their current screen is being recorded.

Kandji says that the malware can target the older Intel-based Macs as well as the newer Apple silicon Macs (M1, M2, M3, etc.).

All but one of the apps that were discovered to contain Cuckoo malware were registered to a “valid Developer ID of Yian Technology Shenzhen Co., Ltd.” The exception, Fonedog, was tied to a developer ID of FoneDog Technology Limited. Kandji believes there are other websites and applications hosting the Cuckoo malware that have yet to be discovered.

Mac users should proceed with caution when downloading any apps from unknown, third-party developers.
