macOS Cuckoo Stealer | Ensuring Detection and Defense as New Samples Rapidly Emerge

May 10, 2024, 8:54 a.m.

Description

This analysis discusses the emergence of a new macOS malware family called 'Cuckoo Stealer', which acts as both an infostealer and spyware. It describes Cuckoo Stealer's main features and logic and provides indicators of compromise to assist threat hunters and defenders. The malware employs techniques such as obfuscation, scraping admin passwords, and installing persistence mechanisms. Although attempts were made to conceal its behavior, analysis reveals similarities with other recent infostealers targeting macOS devices. SentinelOne's Singularity XDR platform detects and prevents the execution of Cuckoo Stealer, protecting customers from this emerging threat.

Date

Published: May 10, 2024, 8:31 a.m.
Created: May 10, 2024, 8:31 a.m.
Modified: May 10, 2024, 8:54 a.m.

Indicators

d8c3c7eedd41b35a9a30a99727b9e0b47e652b8f601b58e2c20e2a7d30ce14a8

a709dacc4d741926a7f04cad40a22adfc12dd7406f016dd668dd98725686a2dc

39f1224d7d71100f86651012c87c181a545b0a1606edc49131730f8c5b56bdb7

1827db474aa94870aafdd63bdc25d61799c2f405ef94e88432e8e212dfa51ac7

Attack Patterns

Cuckoo Stealer

T1557.001

T1548.001

T1592.002

T1555.003

T1059.004

T1555

T1083