Cuckoo: New macOS spy selectively attacks Apple computers

Father

How did CIS users manage to get full immunity from malware exposure?

Researchers from Kanjii have identified a new malware called Cuckoo, aimed at Apple macOS systems. This malicious software not only provides a permanent presence in infected systems, but also performs a number of dangerous espionage functions.

Cuckoo is a universal binary file in Mach-O format that can function on Apple computers with Intel and Arm processors. So far, the exact methods of spreading this virus are unclear, but it has been noticed that the malware is distributed through several sites, such as "dumpmedia[.<url>" and "tunesfun[.]com", which offer both free and paid apps for downloading music from streaming services.

The DMG file downloaded from these sites activates a bash script that collects information about the system and checks whether the victim's computer is located in Russia, Belarus, Kazakhstan, Armenia or Ukraine. The virus is activated only if the compromised device is located in any other country.

Cuckoo also uses the LaunchAgent technique to ensure persistence in the system, similar to methods previously used by other malware families. In addition, the virus uses the "osascript" tool to display a fake password request, trying to get elevated system privileges from the user.

According to Adam Kohler and Christopher Lopez, researchers at Kanjii, the Cuckoo malware actively searches for files of certain applications to collect information from the system as efficiently as possible. So, the virus is able to extract data about hardware, current processes, installed applications, take screenshots, and extract data from iCloud Keychain, the built-in notes app, browsers, crypto wallets, and applications such as Discord, FileZilla, Steam, and Telegram.

This discovery follows the recent discovery by Kanjii of another malware called CloudChat, which disguises itself as a secure messaging app and attacks macOS users whose IP addresses do not indicate that they are located in China.

Therefore, to protect your devices, it is important to install only software from trusted sources, regularly update the operating system and antivirus programs, and monitor the permissions requested by applications. Meanwhile, increased vigilance and awareness of current cyber threats will allow you to further secure your devices and data.
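The two behaviours the post describes, a LaunchAgent that starts a binary from a non-standard path at login and an osascript dialog that asks for a password with a hidden answer, are both cheap to hunt for. The script below is an added example written for this thread; it is not code from the post or from the researchers' report. It parses LaunchAgent plists with the standard library and screens process command lines for the hidden-answer dialog idiom. The sample plists, the label "com.example.updater", the path under /Users/Shared and the sample command lines are constructed for the example, and the list of trusted launch prefixes is an assumption you would tune for your fleet.

```python
"""Hunt for LaunchAgent persistence and osascript fake-password prompts on macOS.

Added example for this thread, not code from the post or the researchers.
It runs offline on constructed sample data (see the bottom of the file).
"""
import os
import plistlib
import re
import tempfile

# Assumption: agents launched from these prefixes are normally vendor-installed;
# anything else that runs at login deserves a look. Tune for your environment.
TRUSTED_PREFIXES = ("/System/", "/usr/bin/", "/usr/libexec/",
                    "/Applications/", "/Library/Apple/")

# "display dialog ... with hidden answer" is the AppleScript idiom for a
# password-style prompt, which is what a fake credential request needs.
PROMPT_RE = re.compile(r"display dialog.*?with hidden answer",
                       re.IGNORECASE | re.DOTALL)


def agent_findings(plist_path):
    """Return a list of reasons one LaunchAgent plist looks suspicious."""
    with open(plist_path, "rb") as fh:
        data = plistlib.load(fh)
    args = [str(a) for a in (data.get("ProgramArguments") or [])]
    program = str(data.get("Program") or (args[0] if args else ""))
    joined = " ".join(args)
    findings = []
    if data.get("RunAtLoad") and not program.startswith(TRUSTED_PREFIXES):
        findings.append("RunAtLoad from untrusted path: %s" % program)
    if "osascript" in program or "osascript" in joined:
        findings.append("agent launches osascript")
    if PROMPT_RE.search(joined):
        findings.append("hidden-answer dialog (password prompt) in arguments")
    return findings


def scan_launch_agents(directory):
    """Scan a LaunchAgents directory; map plist name -> findings (non-empty only)."""
    results = {}
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".plist"):
            continue
        path = os.path.join(directory, name)
        try:
            found = agent_findings(path)
        except (plistlib.InvalidFileException, ValueError) as exc:
            # A plist that will not parse is itself worth examining.
            found = ["unparseable plist: %s" % exc]
        if found:
            results[name] = found
    return results


def flag_prompt_commands(command_lines):
    """Keep command lines where osascript shows a hidden-answer dialog."""
    return [c for c in command_lines if "osascript" in c and PROMPT_RE.search(c)]


# Constructed sample data: one benign agent and one persistence-style agent.
SAMPLE_AGENTS = {
    "com.apple.example.plist": {
        "Label": "com.apple.example",
        "ProgramArguments": ["/usr/bin/true"],
        "RunAtLoad": True,
    },
    "com.example.updater.plist": {           # hypothetical label and path
        "Label": "com.example.updater",
        "ProgramArguments": ["/Users/Shared/.helper/updater"],
        "RunAtLoad": True,
        "KeepAlive": True,
    },
}

# Constructed process command lines, as a process-audit log might record them.
SAMPLE_COMMANDS = [
    "/usr/bin/osascript -e 'display dialog \"Enter your password to continue\" "
    "default answer \"\" with hidden answer'",
    "/usr/bin/osascript -e 'display notification \"Export finished\"'",
]


def write_sample_agents():
    """Write the constructed plists to a temp dir and return its path."""
    directory = tempfile.mkdtemp(prefix="launchagents_")
    for name, contents in SAMPLE_AGENTS.items():
        with open(os.path.join(directory, name), "wb") as fh:
            plistlib.dump(contents, fh)
    return directory


if __name__ == "__main__":
    for name, reasons in scan_launch_agents(write_sample_agents()).items():
        print(name, "->", "; ".join(reasons))
    for cmd in flag_prompt_commands(SAMPLE_COMMANDS):
        print("prompt:", cmd)
```

On a real machine, point scan_launch_agents at ~/Library/LaunchAgents and /Library/LaunchAgents, and feed flag_prompt_commands with command lines from whatever process telemetry you collect; the hidden-answer check only catches prompts built with osascript, so a native Swift dialog would need a different signal (for example, an unsigned or unexpected process requesting Accessibility or screen-recording rights).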
 