Cthulhu Stealer Malware Targets macOS With Deceptive Tactics

Security

A newly discovered malware, Cthulhu Stealer, has been observed targeting macOS users, marking another significant cybersecurity threat to Apple’s operating system. 

The tool, identified by Cado Security, operates as a malware-as-a-service (MaaS) and leverages Apple disk images (DMG) to disguise itself as legitimate software.

How Cthulhu Stealer Works

The Cthulhu Stealer primarily focuses on stealing sensitive information, including credentials and cryptocurrency wallets, from its victims. Once a user mounts the DMG and opens the disguised file, the malware uses osascript, a macOS command-line tool, to prompt the user for their system and MetaMask passwords. 

The stolen data is stored in a directory and compressed into a zip file for exfiltration to the malware’s command-and-control (C2) server. The stolen data includes:

  • Keychain passwords

  • MetaMask and Coinbase wallets

  • Game account details like Battle.net

  • Browser cookies and extensions

Cthulhu Stealer mimics well-known software, such as CleanMyMac, Adobe GenP and a typo-laden “Grand Theft Auto IV,” to trick users into installing it. 

Similarities to Atomic Stealer and Developer Disputes

Cado Security has noted substantial similarities between Cthulhu Stealer and the earlierAtomic Stealer, indicating that Cthulhu Stealer may be a modified version of the latter. Both malware variants utilizesimilar password prompts and data collection techniques, suggesting they may share a developer.

Read more on cybersecurity trends affecting macOS users: Fake Meeting Software Spreads macOS Infostealer

The operators behind Cthulhu Stealer, known as the “Cthulhu Team,” rent out the malware to affiliates for $500 per month. However, disputes over payments have reportedly led to accusations of fraud within the group, resulting in the main developer being banned from a popular malware marketplace.

Protecting macOS Against Cthulhu Stealer

According to Cado Security, the discovery underscores the evolving threat landscape for macOS users. 

“While macOS has long been considered a secure system, the existence of malware targeting Mac users remains an increasing security concern,” the company wrote.

To protect against similar threats like Cthulhu Stealer, Cado Security recommends several precautions for macOS users. These include:

  • Downloading software only from trusted sources, such as the Apple App Store or the official websites of reputable developers

  • Enabling macOS’s built-in security features, such as Gatekeeper, to prevent the installation of unverified apps

  • Keeping your system and applications up to date with the latest security patches

  • Using reputable antivirus software for an additional layer of protection

Image credit: Farknot Architect / Shutterstock.com

Products You May Like

Articles You May Like

Researchers Warn of Privilege Escalation Risks in Google’s Vertex AI ML Platform
Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials
Palo Alto Networks Confirms New Zero-Day Being Exploited by Threat Actors
Free Decryptor Released for BitLocker-Based ShrinkLocker Ransomware Victims
New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration

Leave a Reply

Your email address will not be published. Required fields are marked *