Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware

As in the previous captures, paths to files of interest associated with the Notes application are created and passed to a function that performs multiple executions to copy these files. A dedicated function for Apple applications makes multiple calls to duplicate these files and store them in a temp directory.

Disclaimer: This article is part of X-Force OSINT Advisories automated collection to enable faster integration of open-source articles to client environments. All credit and copyright goes to the original authors.

Reference:
https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Sample Indicators of Compromise:

http://146.70.80.123/static.php
http://tunesfun.com
1827db474aa94870aafdd63bdc25d61799c2f405ef94e88432e8e212dfa51ac7
146.70.80.123
http://fonedog.com
