A new variant of Cuckoo malware has been identified, posing a significant threat to macOS users. It disguises itself as legitimate software, uses advanced tactics to deceive users into downloading it, and has been reported to steal sensitive information.
The latest variant of Cuckoo targets Mac devices running on both Intel and ARM chips and can mimic popular software like Homebrew. By creating a fake website resembling the official Homebrew site, the attackers aim to trick users into downloading the malware.
In addition to its deceptive tactics, Cuckoo can extract a wide range of information from an infected system: hardware details, running processes, installed applications, screenshots, and data from iCloud Keychain, Apple Notes, and web browsers, as well as cryptocurrency wallet information.
Previously, Cuckoo was distributed through fake software, such as programs claiming to rip music from streaming services into MP3 files. However, the latest campaign involves a more sophisticated method known as Google Ads poisoning, where attackers manipulate active Google Ads accounts to direct traffic to their fake website.
To mitigate the risk of falling victim to Cuckoo malware, users are advised to refrain from using Google Search to access websites and instead manually enter website addresses or use browser bookmarks to access legitimate sites.