Apple Mac users are facing a new cybersecurity threat with the emergence of “Cthulhu Stealer,” an information-stealing malware designed to harvest credentials and target cryptocurrency wallets. The strain has raised alarms in the cybersecurity community and reflects a growing trend of malware targeting macOS systems.
For years, there has been a widespread belief that macOS systems are largely immune to malware. However, this notion is being challenged. According to Cado Security, macOS malware has been on the rise in recent years, debunking the myth of invulnerability. “While macOS has a reputation for being secure, macOS malware has been trending up in recent years,” noted the cybersecurity firm on August 22.
Cthulhu Stealer is designed to blend in with legitimate software. It is distributed as an Apple disk image (DMG) that disguises itself as popular applications such as CleanMyMac and Adobe GenP. Once the file is opened, it uses osascript, macOS’s command-line tool for running AppleScript and JavaScript, to display a dialog requesting the user’s credentials.
The malware first prompts users for their macOS password and then requests the password for the MetaMask Ethereum wallet. It also targets other major crypto wallets, including those from Coinbase, Wasabi, Electrum, Atomic, Binance, and Blockchain Wallet. The stolen data is saved in text files, and the malware additionally collects system details such as the IP address and operating system version.
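The osascript password prompt described above leaves a visible trace in process telemetry, which is where a defender would look for it. The following is an added example written for this article, not code from Cointelegraph, Cado Security, or the malware itself: a heuristic scanner over constructed process-execution records (a JSON-lines format invented for the example; real EDR or Endpoint Security output differs) that flags osascript invocations showing an AppleScript “display dialog … with hidden answer” box with password or wallet wording, weighted higher when the parent process runs from a disk image mounted under /Volumes. The keyword list and score thresholds are assumptions for illustration.

```python
"""Heuristic detection of osascript password-prompt abuse.

Added example, not code from the article or from Cado Security. It scans
process-execution records (a constructed JSON-lines format; real EDR or
Endpoint Security telemetry differs) for the technique described above:
osascript showing an AppleScript 'display dialog ... with hidden answer'
box that asks for a macOS or wallet password, scored higher when the
parent process runs from a mounted disk image under /Volumes.
"""
import json
import re

# AppleScript phrases needed to build a masked (hidden-answer) prompt.
DIALOG = re.compile(r"display\s+dialog", re.I)
HIDDEN = re.compile(r"with\s+hidden\s+answer", re.I)
# Credential and wallet wording; wallet names follow the article's list of
# targets. The list itself is an assumption for the example, not a signature.
CRED_WORDS = re.compile(
    r"password|passphrase|seed phrase|wallet|metamask|coinbase|wasabi|electrum|binance",
    re.I,
)


def score_exec(record):
    """Score one exec record (dict); returns (score, reasons). 0 unless osascript."""
    if not record.get("path", "").endswith("/osascript"):
        return 0, []
    script = " ".join(record.get("args", []))
    score, reasons = 0, []
    if DIALOG.search(script) and HIDDEN.search(script):
        score += 3
        reasons.append("masked-input dialog")
    if CRED_WORDS.search(script):
        score += 2
        reasons.append("credential or wallet wording")
    if record.get("parent_path", "").startswith("/Volumes/"):
        score += 2
        reasons.append("parent runs from a mounted disk image")
    return score, reasons


def scan(lines, threshold=5):
    """Return alerts for every JSON-line record scoring at or above threshold."""
    alerts = []
    for line in lines:
        rec = json.loads(line)
        score, reasons = score_exec(rec)
        if score >= threshold:
            alerts.append({"pid": rec["pid"], "parent": rec.get("parent_path", ""),
                           "score": score, "reasons": reasons})
    return alerts


# Constructed sample telemetry: a benign notification, a legitimate-looking
# masked dialog from /Applications, and two prompts shaped like the stealer's.
SAMPLE_EXECS = [
    '{"pid": 101, "path": "/usr/bin/osascript", "parent_path": "/Applications/Automator.app/Contents/MacOS/Automator", "args": ["-e", "display notification \\"Export finished\\""]}',
    '{"pid": 202, "path": "/usr/bin/osascript", "parent_path": "/Applications/Utilities/ConfigTool.app/Contents/MacOS/ConfigTool", "args": ["-e", "display dialog \\"Enter license key\\" default answer \\"\\" with hidden answer"]}',
    '{"pid": 303, "path": "/usr/bin/osascript", "parent_path": "/Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac", "args": ["-e", "display dialog \\"macOS needs your password to continue.\\" default answer \\"\\" with hidden answer"]}',
    '{"pid": 404, "path": "/usr/bin/osascript", "parent_path": "/Volumes/Adobe GenP/GenP.app/Contents/MacOS/GenP", "args": ["-e", "display dialog \\"Enter your MetaMask password\\" default answer \\"\\" with hidden answer"]}',
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EXECS):
        print(alert)
```

On the sample data only pids 303 and 404 cross the threshold; the ConfigTool record scores 3 because a masked dialog alone is not unusual. In practice the parent-path check is the strongest signal here, since legitimate installers rarely launch osascript from a mounted DMG to ask for the login password.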
Cthulhu Stealer bears a striking resemblance to Atomic Stealer, malware identified in 2023 that targeted Apple computers. Cado researcher Tara Gould suggests that Cthulhu Stealer’s developer likely adapted and modified the Atomic Stealer code. This indicates a continuity of malicious intent and adaptation in the malware landscape.
The malware was reportedly rented out to affiliates for $500 per month through the Telegram messaging platform. However, recent reports suggest that the scammers behind Cthulhu Stealer may no longer be active due to internal disputes and accusations of an exit scam among affiliates.
The threat landscape for Mac users is expanding. On August 23, Cointelegraph reported on AMOS malware, which now has the capability to clone Ledger Live software. In response, Apple has acknowledged the increasing malware threat and has introduced updates to its next-generation macOS version to enhance security measures. These updates make it more challenging for users to override Gatekeeper protections, which are designed to ensure only trusted applications can run on the system.
The rise of Cthulhu Stealer and similar threats highlights the need for vigilance among Mac users. While macOS remains a robust operating system, it is not immune to malware. Users should remain cautious, verify the authenticity of software, and employ strong security practices to protect their personal and financial information.