🎣 New ‘Cuckoo’ spyware is a ‘persistent threat’

May 07 2024

Welcome to Gone Phishing, your daily cybersecurity newsletter that will never teach a man how to phish 🎣👀😂

Today’s hottest cybersecurity news stories:

  • ⚠️ Mac users beware! New ‘Cuckoo’ spyware is a ‘persistent threat’ 🕵️

  • 📱 Xiaomi users beware! Multiple flaws across app, system components 🛠️

  • ❄️ Finland warns of Android malware attacks breaching bank accounts 💸

We’re living in cloud cuckoo land 🤪

🚨 Alert: New macOS Spyware Threat Detected 🕵️‍♂️

Cybersecurity experts have uncovered a new information-stealing malware strain targeting Apple macOS systems, codenamed Cuckoo by Kandji. 🍏

🎯 Sophisticated Design

Cuckoo is a Mach-O binary built to run on both Intel and Arm-based Macs, widening its reach across the installed base. 💻

🔒 Stealthy Distribution

While the precise distribution method remains unclear, the malware is suspected to originate from sites offering free and paid versions of music ripping applications. 📀

⚠️ Infection Tactics

Once the disk image file has been downloaded, Cuckoo runs a bash shell, checks the system locale so that it skips certain regions, and then establishes persistence through a LaunchAgent. 🛡️
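The persistence step described above, a LaunchAgent, is something a defender can audit directly. The script below is an added example, not code from this newsletter or from Kandji's analysis: it parses LaunchAgent plists with Python's standard library and flags the patterns that stand out in a dropper-style agent (a program staged in a temp or home-directory path, an interpreter launched with an inline command, a com.apple.* label that runs a non-Apple path, and RunAtLoad combined with KeepAlive). The trusted and scratch path prefixes, the interpreter list and the three sample plists are constructed assumptions for illustration, not Cuckoo's actual artefacts.

```python
import os
import plistlib
from typing import Dict, List

# Assumed prefixes from which Apple or a normal installer would run an agent's program.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/", "/Applications/")
# Assumed locations Apple's own agents run from; a com.apple.* label pointing elsewhere is a red flag.
APPLE_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/")
# Assumed user-writable scratch locations in which droppers tend to stage payloads.
SCRATCH_PREFIXES = ("/tmp/", "/private/tmp/", "/var/folders/", "/private/var/folders/", "/Users/Shared/")
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python3", "perl"}


def audit_launch_agent(plist_data: bytes, home: str) -> List[str]:
    """Return the reasons a LaunchAgent plist looks suspicious; an empty list means nothing was flagged."""
    try:
        plist = plistlib.loads(plist_data)
    except Exception as exc:  # a plist launchd cannot parse is still worth a look
        return [f"unparseable plist: {exc}"]

    args = list(plist.get("ProgramArguments") or [])
    program = plist.get("Program") or (args[0] if args else None)
    if program is None:
        return ["no Program or ProgramArguments"]

    reasons = []
    if program.startswith(SCRATCH_PREFIXES):
        reasons.append(f"program staged in scratch location: {program}")
    elif program.startswith(home.rstrip("/") + "/"):
        reasons.append(f"program under home directory: {program}")
    elif not program.startswith(TRUSTED_PREFIXES):
        reasons.append(f"program outside trusted prefixes: {program}")

    # An interpreter with an inline command ("bash -c ...") is the dropper pattern, not how packaged apps persist.
    if len(args) >= 3 and os.path.basename(args[0]) in INTERPRETERS and args[1] in ("-c", "-e"):
        reasons.append(f"interpreter with inline command: {args[0]} {args[1]} ...")

    # An Apple-looking label whose arguments reach outside Apple-owned paths is impersonation.
    label = plist.get("Label", "")
    if label.startswith("com.apple.") and any(a.startswith("/") and not a.startswith(APPLE_PREFIXES) for a in args):
        reasons.append(f"label {label} impersonates Apple but runs a non-Apple path")

    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        reasons.append("RunAtLoad + KeepAlive: starts at login and restarts if killed")
    return reasons


def audit_launch_agents_dir(directory: str, home: str) -> Dict[str, List[str]]:
    """Audit every .plist in a LaunchAgents directory and return only the flagged ones."""
    flagged: Dict[str, List[str]] = {}
    if not os.path.isdir(directory):
        return flagged
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".plist"):
            continue
        path = os.path.join(directory, name)
        with open(path, "rb") as fh:
            reasons = audit_launch_agent(fh.read(), home)
        if reasons:
            flagged[path] = reasons
    return flagged


# Constructed sample plists (not real Cuckoo artefacts): one benign, two in the dropper style described above.
BENIGN_PLIST = plistlib.dumps({
    "Label": "com.example.updater",
    "Program": "/Applications/Example.app/Contents/MacOS/updater",
    "RunAtLoad": True,
})
INLINE_SHELL_PLIST = plistlib.dumps({
    "Label": "com.apple.system.helper",
    "ProgramArguments": ["/bin/bash", "-c", "/Users/alice/.helper/run.sh"],
    "RunAtLoad": True,
    "KeepAlive": True,
})
HOME_PAYLOAD_PLIST = plistlib.dumps({
    "Label": "com.updater.agent",
    "ProgramArguments": ["/Users/alice/.local/agent"],
    "RunAtLoad": True,
})

if __name__ == "__main__":
    # Audit the current user's LaunchAgents; the script only reports, it never removes anything.
    home = os.path.expanduser("~")
    for path, reasons in audit_launch_agents_dir(os.path.join(home, "Library", "LaunchAgents"), home).items():
        print(path)
        for reason in reasons:
            print("  -", reason)
```

Run on a Mac it walks ~/Library/LaunchAgents and prints each flagged plist with the reasons. The prefix lists encode assumptions about what is normal; tune them to your own fleet before treating an empty report as a clean result, and pair the check with a look at the code-signing status of any flagged program, since the text notes that these bundles often carry valid Developer ID signatures.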

🔑 Deceptive Techniques

Like MacStealer, Cuckoo uses osascript to trick users with fake password prompts, enabling it to escalate privileges for its malicious activities. 🛡️

📂 Data Harvesting Capabilities

The malware scans for files belonging to specific applications, collects hardware information and a list of running processes, and harvests data from iCloud Keychain, browsers, crypto wallets, and popular apps. 📊

🔍 Signature Insights

Each malicious application bundle is carefully crafted and often signed with a valid Developer ID, improving its camouflage. 🖊️

🌐 Emerging Threat Landscape

This discovery follows recent exposures of other macOS threats such as CloudChat and the AdLoad malware variant Rload, highlighting the evolving cyber risks faced by Apple users. 🌐

🛡️ Combating the Threat

Staying vigilant against suspicious downloads and maintaining robust cybersecurity measures are crucial to thwarting such malware attacks. 🔐

As cyber adversaries adapt and refine their tactics, ongoing vigilance and proactive defence strategies are essential to safeguarding macOS systems against evolving threats. 🚨🍏

Xiaomi one for the heads up 😉

🚨 Critical Vulnerabilities Discovered in Xiaomi Android Devices 📱

Mobile security firm Oversecured has uncovered multiple vulnerabilities in Xiaomi Android devices that compromise system integrity and the security of user data. 📱

🛠️ Affected Applications and Components

Twenty vulnerabilities affect various apps and system components, including Gallery, GetApps, Mi Video, MIUI Bluetooth, Phone Services, Print Spooler, Security, Settings, ShareMe, System Tracing, and Xiaomi Cloud. 📂

🔓 Exploitable Flaws

Notable vulnerabilities include shell command injection in the System Tracing app, file theft risks in the Settings app, and data leakage in the Mi Video app. 😨

🔒 Legitimate Components Modified

Phone Services, Print Spooler, Settings, and System Tracing come from the Android Open Source Project (AOSP), but Xiaomi's modifications to them introduced additional functionality and, with it, vulnerabilities. 🛠️

🔨 Unpatched Memory Corruption

A memory corruption flaw in the GetApps app, originating in the LiveEventBus Android library, remains unaddressed despite having been reported to the project maintainers over a year ago. 📅

🔐 Protecting User Data

Oversecured promptly reported the issues to Xiaomi and urges users to update their devices to the latest firmware to mitigate the potential threats. 🛡️

🔍 Ensuring Device Security

Users are advised to stay vigilant and apply timely updates to safeguard their Xiaomi devices against emerging security risks. 📲🔒

As cybersecurity threats evolve, maintaining device security through regular updates and proactive measures becomes imperative to protect sensitive data and ensure user privacy. 🚨🔐

🎣 Catch of the Day!! 🌊🐟🦞

Stay ahead of the curve with Presspool.ai! 🚀 Subscribe to their newsletter for the latest buzz in the information technology space, with a special focus on AI. Their slogan says it all: "Actionable marketing insights for the visionary AI executive." 🤓💡 That’s us, alright! 🤵 How about you? Visionary AI executive, much? 👀

And if the newsletter gets your motor running, you can take a butcher’s at their cool AI marketing product too, which is sure to help you make the most of our new artificial overlords and put them to work for your business 🤖👩‍💻🌐

Rest assured, the process is very straightforward.

You simply:

🆕 Sign up and create a campaign.

📊 Define your audience, budget, and message to captivate your audience.

🚀 Launch your campaign, and Presspool’s AI matches it with ideal newsletter audiences for optimal reach and conversions. 🎯

🕵️ Finally, leverage real-time analytics to track performance and refine future strategies. 📈 Elevate your marketing game and stay informed with Presspool.ai! 🌟 Simples! 🦦

Presspool.ai 📰🏊🤖 may just have what you need to succeed. And if the product isn’t for you, the newsletter alone is a gamechanger. And we know newsletters 😉

Today’s newsletter is enough to turn you into a Paranoid Android… user 🤖

🚨 Alert: Android Malware Threat Targets Finnish Bank Accounts 📵

Finland's Transport and Communications Agency (Traficom) has raised the alarm about an Android malware campaign aimed at breaching online bank accounts. 🚨

📲 Sophisticated Scam Tactics

Scammers send SMS messages, purportedly from banks or payment service providers, instructing recipients to call a number for "protection" via a McAfee app. 📱

🛡️ Deceptive McAfee App

Unsuspecting victims are lured into downloading a malicious app masquerading as McAfee antivirus software; instead of protecting them, it serves as a gateway for the threat actors to access their bank accounts. 😱

💳 Financial Impact

Multiple cases reported to the Cyber Security Center reveal victims losing substantial sums, with one individual suffering a 95,000 euro ($102,000) loss. 💰

🚫 Android Exclusivity

The campaign exclusively targets Android devices, posing a significant threat to users' financial security. No separate infection chain has been identified for Apple iPhone users. 📱

🦠 Vultur Trojan Suspected

While the specific malware type remains undisclosed, similarities to the Vultur trojan suggest a hybrid smishing and phone call attack strategy, highlighting the evolving sophistication of cyber threats. 🕵️‍♂️

🛡️ Protective Measures

Victims are advised to contact their bank immediately, factory-reset infected devices, and report suspicious activity to the authorities. Keeping Android's Play Protect feature enabled is crucial for ongoing defence against known malware variants. 🛡️

Remain vigilant against unsolicited requests to install apps or hand over sensitive information, and prioritise cybersecurity measures to safeguard personal and financial data. 📵🔒

๐Ÿ—ž๏ธ Extra, Extra! Read all about it! ๐Ÿ—ž๏ธ

Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!

  • ๐Ÿ›ก๏ธ Tl;dr sec: Join 30,000+ security professionals getting the best tools, blog posts, talks, and resources right in their inbox for free every Thursday ๐Ÿ“…

  • ๐Ÿ’ตย Crypto Pragmatist: Crypto made simple. Actionable alpha in 5 minutes, 3x a week. Join 47,000+ investors and insiders, for ๐Ÿ†“

  • ๐Ÿ“ˆย Bitcoin Breakdown: The best in Bitcoin, carefully curated by an alien from the future ๐Ÿ‘พ

Let us know what you think.

So long and thanks for reading all the phish!