Malware: Behaves Like Cross Between Infostealer and Spyware

May 3, 2024, 10:50 a.m.

Description

On April 24, 2024, we found a previously undetected malicious Mach-O binary programmed to behave like a cross between spyware and an infostealer. We have named the malware Cuckoo, after the bird that lays its eggs in the nests of other birds and steals the host's resources for the gain of its young.

Date

  • Created: May 3, 2024, 10:31 a.m.
  • Published: May 3, 2024, 10:31 a.m.
  • Modified: May 3, 2024, 10:50 a.m.

Indicators

Attack Patterns