A recent discovery in the world of cybersecurity has unveiled a new threat to macOS users – the Cthulhu Stealer malware. This malicious tool, identified by Cado Security, operates as a malware-as-a-service (MaaS) and utilizes Apple disk images (DMG) to disguise itself as legitimate software.
The primary function of Cthulhu Stealer is to steal sensitive information from its victims, including credentials and cryptocurrency wallets. Once a user unwittingly mounts the DMG and opens the disguised file, the malware uses osascript, a macOS command-line tool, to prompt the user for their system and MetaMask passwords.
The stolen data is then stored in a directory and compressed into a zip file for transmission to the malware’s command-and-control (C2) server. The stolen information includes keychain passwords, MetaMask and Coinbase wallets, game account details like Battle.net, as well as browser cookies and extensions.
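A small defender-side triage routine, added here as an example and not taken from Cado Security's report, that flags the two behaviours just described over constructed process-execution events: an osascript dialog with a masked answer field, and an archiver launched by a program running from a mounted volume. It assumes (not stated in the report) that the prompt is built with AppleScript's `display dialog ... with hidden answer`, and that endpoint telemetry records parent image, child image and full command line.

```python
import re

# Constructed process-execution events (sample data, not real telemetry), in the
# shape an EDR would record them: parent image, child image, full command line.
SAMPLE_EVENTS = [
    {"pid": 412, "parent": "/Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac",
     "image": "/usr/bin/osascript",
     "cmdline": 'osascript -e \'display dialog "Enter your password to continue" '
                'default answer "" with hidden answer with title "System Preferences"\''},
    {"pid": 413, "parent": "/Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac",
     "image": "/usr/bin/zip",
     "cmdline": "zip -r /tmp/out.zip /tmp/collected"},
    {"pid": 520, "parent": "/System/Applications/Utilities/Script Editor.app/Contents/MacOS/Script Editor",
     "image": "/usr/bin/osascript",
     "cmdline": 'osascript -e \'display notification "Build finished" with title "CI"\''},
]

# AppleScript's `display dialog ... with hidden answer` renders a masked text field,
# which is how a shell-launched script can imitate a system password box (assumed).
HIDDEN_ANSWER = re.compile(r"display\s+dialog\b.*?\bwith\s+hidden\s+answer", re.I | re.S)
CRED_WORDS = re.compile(r"password|passphrase|seed\s*phrase|metamask", re.I)

def classify(event):
    """Return (severity, reasons) for one process event; severity is None if clean."""
    reasons = []
    cmd, image, parent = event["cmdline"], event["image"], event["parent"]
    if image.endswith("/osascript") and HIDDEN_ANSWER.search(cmd):
        reasons.append("osascript shows a hidden-answer dialog")
        if CRED_WORDS.search(cmd):
            reasons.append("dialog text asks for a credential")
    if image.endswith("/zip") and parent.startswith("/Volumes/"):
        reasons.append("zip launched by a program running from a mounted volume")
    if not reasons:
        return None, []
    # A parent living under /Volumes/ (a mounted DMG) raises the severity.
    severity = "high" if parent.startswith("/Volumes/") else "medium"
    return severity, reasons

def triage(events):
    """Return [(pid, severity, reasons)] for every event that trips an indicator."""
    hits = []
    for ev in events:
        severity, reasons = classify(ev)
        if severity:
            hits.append((ev["pid"], severity, reasons))
    return hits

if __name__ == "__main__":
    for pid, sev, why in triage(SAMPLE_EVENTS):
        print(pid, sev, "; ".join(why))
```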
To lure unsuspecting users into installing the malware, Cthulhu Stealer masquerades as well-known software such as CleanMyMac, Adobe GenP, and a typo-laden version of “Grand Theft Auto IV.”
Interestingly, Cado Security has identified significant similarities between Cthulhu Stealer and a previously discovered malware known as Atomic Stealer, suggesting that the former may be a modified version of the latter. Both variants employ similar password prompts and data collection techniques, hinting at a shared developer behind these malicious tools.
The operators of Cthulhu Stealer, referred to as the “Cthulhu Team,” rent out the malware to affiliates for $500 per month. However, internal disputes over payments have led to accusations of fraud within the group, resulting in the main developer being banned from a popular malware marketplace.
In light of this new threat, Cado Security emphasizes the importance of taking proactive measures to safeguard macOS devices. They recommend only downloading software from trusted sources like the Apple App Store or official websites of reputable developers, enabling macOS’s built-in security features such as Gatekeeper, keeping systems and applications up to date with the latest security patches, and using reputable antivirus software for an added layer of protection.
As the cybersecurity landscape continues to evolve, it is crucial for macOS users to stay vigilant and implement these security measures to protect themselves against threats like Cthulhu Stealer. Stay informed, stay protected.