macOS Cuckoo Stealer | Ensuring Detection and Defense as New Samples Rapidly Emerge

May 10, 2024, 8:54 a.m.

Description

This analysis discusses the emergence of a new macOS malware family called 'Cuckoo Stealer', which acts as both an infostealer and spyware. It describes the malware's main features and logic, and provides indicators of compromise to assist threat hunters and defenders. The malware employs techniques such as obfuscation, harvesting of admin passwords, and installation of persistence mechanisms. Although attempts were made to conceal its behavior, analysis reveals similarities with other recent infostealers targeting macOS devices. SentinelOne's Singularity XDR platform detects and prevents the execution of Cuckoo Stealer, protecting customers from this emerging threat.

Date

  • Created: May 10, 2024, 8:31 a.m.
  • Published: May 10, 2024, 8:31 a.m.
  • Modified: May 10, 2024, 8:54 a.m.

Indicators (SHA-256 file hashes)

  • d8c3c7eedd41b35a9a30a99727b9e0b47e652b8f601b58e2c20e2a7d30ce14a8
  • a709dacc4d741926a7f04cad40a22adfc12dd7406f016dd668dd98725686a2dc
  • 39f1224d7d71100f86651012c87c181a545b0a1606edc49131730f8c5b56bdb7
  • 1827db474aa94870aafdd63bdc25d61799c2f405ef94e88432e8e212dfa51ac7
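As an added example (not part of the original page and not SentinelOne's own tooling), the following Python script hashes every regular file under a directory and reports any whose SHA-256 matches the indicators above. The function names, the 1 MiB chunk size and the constructed demo tree are this example's own assumptions; the planted "sample" in the demo is the bytes `abc`, not real malware.

```python
"""Sweep a directory tree for files whose SHA-256 matches the Cuckoo Stealer IOCs.

Example code added to this page. The function names, chunk size and demo
fixture below are assumptions of this example, not from the original page.
"""
import hashlib
import os
import tempfile
from pathlib import Path
from typing import FrozenSet, Iterable, List, Tuple

# The four SHA-256 indicators listed on this page.
CUCKOO_IOCS: FrozenSet[str] = frozenset({
    "d8c3c7eedd41b35a9a30a99727b9e0b47e652b8f601b58e2c20e2a7d30ce14a8",
    "a709dacc4d741926a7f04cad40a22adfc12dd7406f016dd668dd98725686a2dc",
    "39f1224d7d71100f86651012c87c181a545b0a1606edc49131730f8c5b56bdb7",
    "1827db474aa94870aafdd63bdc25d61799c2f405ef94e88432e8e212dfa51ac7",
})

HEX = set("0123456789abcdef")


def is_sha256_hex(value: str) -> bool:
    """True if value is a 64-character hex string (case-insensitive)."""
    v = value.strip().lower()
    return len(v) == 64 and all(c in HEX for c in v)


def normalize_iocs(iocs: Iterable[str]) -> FrozenSet[str]:
    """Lower-case and validate an IOC list; reject anything that is not SHA-256."""
    out = set()
    for raw in iocs:
        if not is_sha256_hex(raw):
            raise ValueError(f"not a SHA-256 hex digest: {raw!r}")
        out.add(raw.strip().lower())
    return frozenset(out)


def sha256_of_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in 1 MiB chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(root: str, iocs: Iterable[str] = CUCKOO_IOCS) -> List[Tuple[str, str]]:
    """Return (path, digest) for every regular file under root whose digest is an IOC.

    Symlinks are neither hashed nor followed, so a planted link cannot drag the
    sweep outside the target tree; unreadable files are skipped rather than fatal.
    """
    wanted = normalize_iocs(iocs)
    hits: List[Tuple[str, str]] = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                digest = sha256_of_file(path)
            except OSError:
                continue
            if digest in wanted:
                hits.append((path, digest))
    return hits


def build_demo_tree() -> Tuple[str, str]:
    """Constructed fixture: a throwaway tree with benign files and one planted
    'sample' whose contents are the bytes b"abc" (NOT malware).
    Returns (root, planted_path)."""
    root = tempfile.mkdtemp(prefix="ioc_sweep_")
    Path(root, "Documents").mkdir()
    Path(root, "Documents", "notes.txt").write_bytes(b"quarterly notes\n")
    # App bundles are directories, so the walk descends into them and hashes the Mach-O inside.
    app_bin = Path(root, "Downloads", "Installer.app", "Contents", "MacOS")
    app_bin.mkdir(parents=True)
    Path(root, "Downloads", "empty.bin").write_bytes(b"")
    planted = app_bin / "Installer"
    planted.write_bytes(b"abc")
    return root, str(planted)


if __name__ == "__main__":
    demo_root, demo_planted = build_demo_tree()
    # Against the page's IOCs alone the fixture is clean...
    print("page IOCs:", sweep(demo_root))
    # ...adding the planted file's digest (upper-case, to show normalization) flags it.
    extra = sha256_of_file(demo_planted).upper()
    print("page IOCs + planted:", sweep(demo_root, set(CUCKOO_IOCS) | {extra}))
```

On a macOS host you would point `sweep()` at `~/Downloads`, `/Applications` and any mounted DMG volumes. Keep in mind that hash indicators only catch the exact samples already seen; as the title notes, new Cuckoo Stealer samples are emerging rapidly, so a clean hash sweep is not a clean bill of health and should be paired with behavioural detection for the techniques listed under Attack Patterns.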

Attack Patterns

  • Cuckoo Stealer
  • T1557.001 (Adversary-in-the-Middle: LLMNR/NBT-NS Poisoning and SMB Relay)
  • T1548.001 (Abuse Elevation Control Mechanism: Setuid and Setgid)
  • T1592.002 (Gather Victim Host Information: Software)
  • T1555.003 (Credentials from Password Stores: Credentials from Web Browsers)
  • T1059.004 (Command and Scripting Interpreter: Unix Shell)
  • T1555 (Credentials from Password Stores)
  • T1083 (File and Directory Discovery)