As macOS users enjoy the sleek interface and security reputation of Apple’s operating system, a new threat has emerged in the form of Cthulhu Stealer. This newly discovered malware, identified by Cado Security, poses a significant risk to the privacy and security of macOS users.
Cthulhu Stealer operates as a malware-as-a-service (MaaS) and cleverly disguises itself using Apple disk images (DMG) to appear as legitimate software. This tactic allows the malware to trick unsuspecting users into installing it unknowingly.
Understanding How Cthulhu Stealer Operates
The primary goal of Cthulhu Stealer is to steal sensitive information from its victims, including credentials and cryptocurrency wallets. When a user mounts the DMG and opens the disguised file, the malware uses macOS command-line tool osascript to prompt the user for their system and MetaMask passwords.
Once the data is extracted, it is stored in a directory and compressed into a zip file for exfiltration to the malware’s command-and-control (C2) server. The stolen data encompasses keychain passwords, MetaMask and Coinbase wallets, game account details, browser cookies, and extensions.
Cthulhu Stealer adopts the guise of well-known software like CleanMyMac, Adobe GenP, and a typo-laden version of “Grand Theft Auto IV” to deceive users during installation.
Connections to Atomic Stealer and Developer Disputes
Researchers at Cado Security have identified notable similarities between Cthulhu Stealer and the earlier Atomic Stealer, hinting at a possible relationship between the two. The shared password prompts and data collection techniques suggest a common developer behind these malware variants.
The operators of Cthulhu Stealer, known as the “Cthulhu Team,” offer the malware to affiliates for $500 per month. However, disputes over payments have led to accusations of fraud within the group, resulting in the main developer’s ban from a prominent malware marketplace.
Protecting Your Mac Against Cthulhu Stealer
With the rise of threats like Cthulhu Stealer, macOS users must take proactive measures to safeguard their systems. Cado Security emphasizes the importance of downloading software from trusted sources, enabling built-in security features like Gatekeeper, keeping systems up to date with security patches, and utilizing reputable antivirus software for added protection.
Image Credit: Farknot Architect / Shutterstock.com