Cybersecurity researchers at Kandji have identified a new macOS malware, named 'Cuckoo', masquerading as a music converter application similar to Spotify.

Cuckoo is capable of running on both Intel and ARM-based Macs and has been found on websites offering counterfeit Spotify music converter apps.

The malware filches a variety of data including keychain contents, screenshots, webcam pictures, browsing history, messaging app data, and cryptocurrency wallet information.

It exploits the macOS keychain to gain access to online accounts and sensitive data, and ensures its persistence on the system through LaunchAgent.

Cuckoo was signed with a legitimate developer ID from China, which may have helped it bypass some security measures.

Users are encouraged to download software from reputable sources, inspect emails and attachments carefully, and utilize trustworthy antivirus and anti-malware tools to safeguard against malware like Cuckoo.