Malware: Behaves Like Cross Between Infostealer and Spyware
May 3, 2024, 10:50 a.m.
Description
On April 24, 2024, we found a previously undetected malicious Mach-O binary programmed to behave like a cross between spyware and an infostealer. We have named the malware Cuckoo, after the bird that lays its eggs in the nests of other birds and steals the host's resources for the gain of its young.
Date
Published: May 3, 2024, 10:31 a.m.
Created: May 3, 2024, 10:31 a.m.
Modified: May 3, 2024, 10:50 a.m.
Indicators
Attack Patterns
Cuckoo
T1081
T1119
T1074
T1012
T1555
T1113
T1082
T1083
T1132
T1033
T1560
T1056