A recent discovery in the cybersecurity world has shed light on a new threat targeting macOS users. Known as Cthulhu Stealer, this malware poses a significant risk to Apple’s operating system, as reported by Cado Security.
Operating as a malware-as-a-service (MaaS), Cthulhu Stealer utilizes Apple disk images (DMG) to mask its true identity and deceive users into downloading it under the guise of legitimate software. Once installed, the malware sets its sights on stealing sensitive information, including credentials and cryptocurrency wallets, from unsuspecting victims.
The modus operandi of Cthulhu Stealer involves using osascript, a macOS command-line tool, to prompt users for their system and MetaMask passwords. This stolen data is then stored in a directory and compressed into a zip file for transmission to the malware’s command-and-control (C2) server. The stolen information encompasses a wide array of sensitive data, such as keychain passwords, MetaMask and Coinbase wallets, game account details like Battle.net, and browser cookies and extensions.
To further deceive users, Cthulhu Stealer masquerades as popular software like CleanMyMac, Adobe GenP, and even a counterfeit version of “Grand Theft Auto IV.” This tactic is designed to lure victims into unwittingly installing the malware on their systems.
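As an added illustration, not from the article or from Cado Security's report, the following script triages constructed process-execution events for the two behaviours just described: an osascript call that shows a password-style dialog, and a parent process running from a mounted disk image under /Volumes (where a DMG posing as CleanMyMac or Adobe GenP would live). It assumes the prompt is built with AppleScript's `display dialog ... with hidden answer` and that telemetry arrives as `pid|parent_path|command_line`; the article gives neither the actual script nor a log format.

```python
import re
from dataclasses import dataclass, field

# Constructed sample telemetry (not real captures), one event per line:
# pid|parent_executable_path|command_line
SAMPLE_EVENTS = """\
4101|/Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac|osascript -e 'display dialog "macOS needs your password to continue" default answer "" with hidden answer'
4102|/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal|osascript -e 'tell application "Finder" to activate'
4103|/Volumes/GenP/Adobe GenP.app/Contents/MacOS/GenP|osascript -e 'display dialog "Enter your MetaMask password" default answer "" with hidden answer'
4104|/usr/libexec/xpcproxy|osascript /Users/alice/Library/Scripts/backup.scpt
"""

# A dialog that hides what the user types is how AppleScript asks for a secret.
HIDDEN_ANSWER = re.compile(r"display dialog .*with hidden answer", re.IGNORECASE)
# Binaries executing straight from a mounted image have not been installed normally.
MOUNTED_IMAGE = re.compile(r"^/Volumes/")


@dataclass
class Finding:
    pid: int
    parent: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        # Both signals together match the stealer's delivery-plus-prompt pattern.
        return "high" if len(self.reasons) > 1 else "medium"


def parse_event(line: str):
    """Split one event line into (pid, parent_path, command_line)."""
    pid, parent, cmd = line.split("|", 2)
    return int(pid), parent, cmd.strip()


def triage(events_text: str) -> list:
    """Return a Finding for every osascript event that shows at least one signal."""
    findings = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        pid, parent, cmd = parse_event(line)
        if not cmd.startswith("osascript"):
            continue  # only the prompt mechanism described in the report is of interest
        reasons = []
        if HIDDEN_ANSWER.search(cmd):
            reasons.append("osascript shows a password-style (hidden answer) dialog")
        if MOUNTED_IMAGE.match(parent):
            reasons.append("parent process runs from a mounted disk image")
        if reasons:
            findings.append(Finding(pid, parent, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"[{f.severity}] pid {f.pid} ({f.parent}): " + "; ".join(f.reasons))
```

On real hosts the same two signals can be pulled from an EDR's process events or from the unified log, with the benign script-automation case (events like pid 4102 and 4104 above) producing no finding.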
Interestingly, Cado Security has drawn parallels between Cthulhu Stealer and a previous malware variant called Atomic Stealer, suggesting a possible connection between the two. The similarities in their password prompts and data collection methods hint at a shared developer behind these malicious tools.
The group responsible for Cthulhu Stealer, known as the “Cthulhu Team,” offers the malware for rent to affiliates at a price of $500 per month. However, internal disputes over payments have reportedly led to allegations of fraud within the group, resulting in the main developer being banned from a prominent malware marketplace.
In light of these developments, Cado Security emphasizes the need for heightened vigilance among macOS users. While Apple’s operating system has long been regarded as secure, the presence of malware targeting Mac users underscores the evolving threat landscape.
To safeguard against threats like Cthulhu Stealer, users are advised to take several precautions. These include downloading software only from trusted sources such as the Apple App Store or official developer websites, enabling macOS’s built-in security features like Gatekeeper, keeping systems and applications updated with the latest security patches, and using reputable antivirus software for added protection.
As the cybersecurity landscape continues to evolve, staying informed and implementing best practices are crucial steps in safeguarding against emerging threats like Cthulhu Stealer.