Another nasty Mac malware is spoofing legitimate software to target macOS users

Cybersecurity researchers from Intego have discovered new variants of the dreaded Cuckoo malware that targets macOS users.

For those unfamiliar with the name, Cuckoo is an infostealer targeting Mac devices running on both Intel and ARM silicon.

Intego’s researchers now say they have found a new variant that was pretending to be Homebrew, a popular macOS software package manager. The attackers set up a fake landing page, seemingly identical to the authentic Homebrew page, which deployed the infostealer.

Poisoning Google Ads

In early May 2024, Mac security provider Kandji said the malware “queries for specific files associated with specific applications, in an attempt to gather as much information as possible from the system.” Apparently, Cuckoo was looking for hardware information, currently running processes, and installed applications.

Its key features include the ability to take screenshots, harvest data from iCloud Keychains, Apple Notes, web browsers, and different apps (Discord, Telegram, Steam, and more), and grab cryptocurrency wallet data.

The threat was being distributed via fake software, a program claiming to be able to rip music from streaming services into .MP3 files.

While setting up a fake website is easy, getting people to visit it is infinitely harder. Intego believes that to get people to visit the website, the attackers engaged in Google Ads poisoning, obtaining access to Google Ads accounts with cleared and running campaigns, and modifying them (or running new campaigns) to generate traffic.

“We recommend that consumers get out of the habit of ‘just Google it’ to find legitimate sites,” the researchers said. “Such habits often include clicking on the first link without giving it much thought, under the assumption that Google won’t lead them astray, and will give them the correct result right at the top. Malware makers know this, of course, and that’s why they’re paying Google for the number-one position.”

Instead of Googling popular websites, users are advised to type in the address themselves, or to bookmark the sites.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
