TLDR:
- New macOS malware “Cthulhu Stealer” targets Apple users’ data
- Disguises as legitimate software like CleanMyMac and Adobe GenP
- Steals crypto wallets, passwords, and other sensitive information
- Available as malware-as-a-service for $500 per month
- Apple plans to tighten Gatekeeper security in macOS Sequoia
A new strain of malware targeting Apple’s macOS operating system has been identified by cybersecurity researchers. Named “Cthulhu Stealer,” this malicious software poses a serious threat to Mac users’ personal information and digital assets.
Cthulhu Stealer first appeared in late 2023 and has been available on the dark web as a malware-as-a-service (MaaS) offering for $500 per month.
This business model allows multiple bad actors to deploy the malware against unsuspecting Mac owners.
The malware disguises itself as popular software to trick users into installation. Common disguises include CleanMyMac, Grand Theft Auto IV, and Adobe GenP. It is distributed as an Apple disk image (DMG) file, which appears legitimate at first glance.
When users attempt to open the fake application, macOS’s built-in security feature, Gatekeeper, warns that the software is unsigned.
However, if a user chooses to bypass this warning, the malware immediately requests the system password, mimicking a legitimate system prompt. This technique has been observed in other Mac malware like Atomic Stealer and MacStealer.
Once granted necessary permissions, Cthulhu Stealer can access and steal a wide range of sensitive data. It targets popular cryptocurrency wallets, including MetaMask, Coinbase, Wasabi, Electrum, Atomic, Binance, and Blockchain Wallet.
The malware also harvests saved passwords from iCloud Keychain, web browser information, and even details from Telegram accounts.
Cthulhu Stealer is capable of targeting both x86_64 and Arm architectures, making it a versatile threat across different Mac models. It uses various techniques to gather system information, including IP address and operating system version.
The stolen data is compressed and stored in a ZIP archive file before being exfiltrated to a command-and-control (C2) server controlled by the attackers.
This comprehensive data theft puts users at risk of financial loss, identity theft, and other forms of cybercrime.
While Cthulhu Stealer isn’t considered particularly sophisticated and lacks advanced anti-analysis techniques, it remains a significant threat due to its wide-ranging data collection capabilities.
The malware’s similarity to previously identified threats like Atomic Stealer suggests that cybercriminals are actively adapting and improving their tools to target macOS users.
In response to the growing threat of malware, Apple has announced plans to enhance security measures in the upcoming macOS Sequoia.
The update will make it more difficult for users to override Gatekeeper protections, requiring them to visit System Settings to review security information before allowing unsigned software to run.
To protect against threats like Cthulhu Stealer, cybersecurity experts recommend that Mac users only download software from trusted sources like the App Store or official developer websites.
Users should be wary of any application requesting system passwords during installation and keep their operating systems updated with the latest security patches from Apple.
Source: https://blockonomi.com/cthulhu-stealer-new-macos-malware-threatens-user-data-and-crypto-wallets/