Today > | 7 High | 24 Medium | 8 Low vulnerabilities   -   You can now download lists of IOCs here!

Malware: Behaves Like Cross Between Infostealer and Spyware

May 3, 2024, 10:50 a.m.

Description

On April 24, 2024, we found a previously undetected malicious Mach-O binary programmed to behave like a cross between spyware and an infostealer. We have named the malware Cuckoo, after the bird that lays its eggs in the nests of other birds and steals the host's resources for the gain of its young.

Date

Published: May 3, 2024, 10:31 a.m.

Created: May 3, 2024, 10:31 a.m.

Modified: May 3, 2024, 10:50 a.m.

Indicators

d8c3c7eedd41b35a9a30a99727b9e0b47e652b8f601b58e2c20e2a7d30ce14a8

a709dacc4d741926a7f04cad40a22adfc12dd7406f016dd668dd98725686a2dc

7a45639f768144799d608a4bbabf144fc1e3c016a7d665775c6314a0c71540f1

39f1224d7d71100f86651012c87c181a545b0a1606edc49131730f8c5b56bdb7

702fee1d3836cc14102ec2dfbf1e6706c2e359a8e38403d82789ba7d717cfc77

1827db474aa94870aafdd63bdc25d61799c2f405ef94e88432e8e212dfa51ac7

254663d6f4968b220795e0742284f9a846f995ba66590d97562e8f19049ffd4b

146.70.80.123

http://tunesolo.com

http://tunesfun.com

http://tunefab.com

http://fonedog.com

http://dumpmedia.com

dumpmedia.com

fonedog.com

tunesolo.com

tunefab.com

tunesfun.com

Attack Patterns

Cuckoo

T1081

T1119

T1074

T1012

T1555

T1113

T1082

T1083

T1132

T1033

T1560

T1056