MacBook Users Alert: New Dangerous Malware Can Expose All Your Passwords
All MacBook users, old and new face a big malware threat that is capable of stealing data without alarming them. The new macOS malware is being dubbed as a spyware which leaves both Intel and ARM (M-series silicone) under major risk from hackers.
Security researchers are calling the malware Cuckoo and as mentioned here, this has come via a device management company called Kandji. The most worrying part about Cuckoo is that researchers have observed it behave like a cross between a malware and a spyware, which is one of the dangerous kinds.
MACOS CUCKOO SPYWARE: HOW IT POSES A BIG THREAT
The most curious aspect of the spyware and its targeted source is via a website that helps you with apps to pirate music from streaming sites into MP3 files which sounds too good to be true. Relying on music streaming sites as the vehicle to push the malware seems like a tempting way to get people to listen to music without paying the hefty subscription charges.
The researchers went in-depth to see how these apps behave and they noticed that it had an application bundle which is not required for a macOS app that can open with a single click rather than going to multiple loops to open it.
The team noticed that the app bundle was hosted without a developer ID on macOS which is a big enough red flag for Apple to notice and detect something is wrong. But the problem is that people were tempted enough to run the apps on their system manually which made it easy for the malware to bypass the device security and do the dirty work.
But the concerns don’t end there. Once the malware is activated, it displays a fake password prompt, and if the person puts their credentials then the hackers have access to these details and can even use it to steal data from other accounts thanks to the iCloud Keychain that has all the passwords stored.
CUCKOO MACOS MALWARE ISSUE: HOW TO PROTECT YOUR MAC
The best way to avoid falling for the Cuckoo is to avoid installing apps or downloading files that claim to give you music in MP3 files. Piracy is definitely avoidable and when you have malware like this on the prowl, the need is evident.