macOS Cuckoo Stealer Malware VS SentinelOne: Protection
Cuckoo Stealer is a novel infostealer trojan with unique spyware properties. The malware is written in C++ and was created using a legacy build of Xcode. Cuckoo Stealer has been observed masquerading within trojanized applications including:
- App Uninstaller.app
- DumpMedia Amazon Music Converter.app
- FoneDog Toolkit for Android on Mac.app
- iMyMac PDF Compressor.app
- PowerUninstall.app
- TuneSolo Apple Music Converter.app
Cuckoo Stealer relies heavily on user interaction for full execution. False authentication prompts (via AppleScript) are used to acquire a victim’s credentials.
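A defender-side way to surface the behaviour described above is to watch for a GUI application spawning `osascript` with a masked-input dialog. The following is an added example written for this post; it is not SentinelOne's code and it does not use real Cuckoo Stealer telemetry. The sample process events are constructed, and the `with hidden answer` clause is an assumption about how such prompts are typically built (the post says only that the prompts are produced via AppleScript). The heuristic also flags `osascript` launched from any of the trojanized bundle names listed in the post.

```python
"""Heuristic detection of AppleScript credential prompts spawned by apps.

Added example for this write-up (not SentinelOne's code). The events
below are constructed samples, not real Cuckoo Stealer telemetry.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# App bundle names the write-up lists as carriers of Cuckoo Stealer
# (bundle name without the trailing ".app").
TROJANIZED_APPS = {
    "App Uninstaller",
    "DumpMedia Amazon Music Converter",
    "FoneDog Toolkit for Android on Mac",
    "iMyMac PDF Compressor",
    "PowerUninstall",
    "TuneSolo Apple Music Converter",
}

# `display dialog ... with hidden answer` draws a masked text field in
# AppleScript. Assumption: a fake authentication prompt uses this form.
HIDDEN_ANSWER = re.compile(r"display\s+dialog\b.*\bwith\s+hidden\s+answer\b", re.S)


@dataclass
class ProcEvent:
    """Minimal process-execution record, modelled on EDR/log exports."""
    pid: int
    parent_name: str  # name of the application that spawned the process
    cmdline: str      # full command line of the spawned process


def classify(ev: ProcEvent) -> list[str]:
    """Return the reasons an event looks suspicious (empty list if none)."""
    reasons: list[str] = []
    if not ev.cmdline.startswith("osascript"):
        return reasons
    if HIDDEN_ANSWER.search(ev.cmdline):
        reasons.append("osascript-hidden-answer-dialog")
    if ev.parent_name in TROJANIZED_APPS:
        reasons.append("osascript-spawned-by-listed-trojanized-app")
    return reasons


def find_suspicious(events: list[ProcEvent]) -> list[tuple[int, list[str]]]:
    """Return (pid, reasons) for every event that trips at least one rule."""
    hits = []
    for ev in events:
        reasons = classify(ev)
        if reasons:
            hits.append((ev.pid, reasons))
    return hits


# Constructed sample events (not captured from a real system).
SAMPLE_EVENTS = [
    ProcEvent(4101, "App Uninstaller",
              'osascript -e \'display dialog "Enter your password" '
              'default answer "" with hidden answer\''),
    ProcEvent(4102, "Script Editor",
              'osascript -e \'display dialog "Build finished" buttons {"OK"}\''),
    ProcEvent(4103, "Terminal", "ls -la /Applications"),
    ProcEvent(4104, "TuneSolo Apple Music Converter", "osascript /tmp/prompt.scpt"),
]

if __name__ == "__main__":
    for pid, why in find_suspicious(SAMPLE_EVENTS):
        print(f"pid {pid}: {', '.join(why)}")
```

Event 4102 is a benign dialog with no masked field from a non-listed parent, so it is left alone; 4101 trips both rules and 4104 trips only the parent-name rule, which is the weaker signal and worth treating as a lead rather than a verdict.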
The actors behind the Cuckoo Stealer campaign have clearly invested some resources into developing a novel infostealer rather than buying any of the ready-made offerings currently circulating in various Telegram channels and darknet forums. This, along with the rising numbers of samples we have observed since initial reporting of this threat, suggests that we will likely see further variants of this malware in the future.
Enterprises are advised to use a third-party security solution such as SentinelOne Singularity to ensure that devices are protected against this and other threats targeting macOS devices in the fleet. At the time of writing, the latest version of XProtect, version 2194, does not block execution of Cuckoo Stealer malware. SentinelOne customers are protected from macOS Cuckoo Stealer.