Security researchers have discovered new macOS malware designed to steal users' most sensitive data. Dubbed “Cthulhu Stealer,” the malware targets users by masquerading as a popular app, harvesting system passwords, iCloud Keychain passwords, cryptocurrency wallets, and more.
Cthulhu Stealer malware threat
The Cthulhu Stealer has reportedly been available as a paid service for malicious users for $500 per month since late 2023. It is particularly effective due to its ability to disguise itself as legitimate software.
As Ravi Lakshmanan writes for The Hacker News:
Some of the software programs it poses as include CleanMyMac, Grand Theft Auto IV, and Adobe GenP, an open-source tool that patches Adobe apps to bypass Creative Cloud services and activate apps without a serial key.
After explicitly allowing an unsigned file to run, i.e. bypassing Gatekeeper protection, users who launch it will be prompted to enter their system password. In the next step, a second prompt will appear to enter the MetaMask password. The Cthulhu Stealer is also designed to gather system information and dump iCloud Keychain passwords using an open source tool called Chainbreaker.
The stolen data, including web browser cookies and Telegram account information, was compressed and stored in a ZIP archive file and then exfiltrated to a command and control (C2) server.
Lakshmanan said the threat actors behind the Cthulhu Stealer are no longer active, but the software could still do similar damage if it falls into the hands of other malicious users.
Mac users generally don't face as many intrusive attacks from the hacker community as users of Windows or Linux systems do, but the Cthulhu Stealer appears to be built to take advantage of the sense of security that macOS sometimes offers.
It's not uncommon for many Mac users to routinely circumvent Gatekeeper protection, and Apple is trying to change that with macOS Sequoia. But the fact remains that posing as a known app can be an effective way for malware to infiltrate Mac systems and harvest user data.
One way to protect yourself from such threats is to prioritize downloading apps from the Mac App Store and known third-party platforms. Official websites of popular developers are also generally safe places to get software.
9to5Mac's take
Cthulhu Stealer and similar software threats could do much less damage if users took macOS security features seriously, so next time you're tempted to get around Gatekeeper and open a new app you downloaded from the web, be sure to check where it came from.
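As an added example (not code from this article or from the Hacker News write-up it cites), the Python script below shows one way to do that check before launching a downloaded app: it reads the two extended attributes macOS records on downloads, the quarantine attribute that Gatekeeper keys off and the list of URLs the file came from. It assumes the quarantine value has the layout flags;hex-timestamp;agent;uuid and that xattr -p -x prints the raw attribute bytes as whitespace-separated hex; both are taken from observed values rather than from the article.

```python
from typing import Optional
import plistlib
import subprocess
from datetime import datetime, timezone

QUARANTINE = "com.apple.quarantine"                   # what Gatekeeper keys off
WHEREFROMS = "com.apple.metadata:kMDItemWhereFroms"   # download URL list

def parse_quarantine(value: str) -> dict:
    """Split the quarantine string. Layout 'flags;hex-timestamp;agent;uuid'
    is assumed from observed values; trailing fields may be absent."""
    parts = value.strip().split(";")
    if len(parts) < 2:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    when = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    return {"flags": int(parts[0], 16),
            "downloaded_at": when.isoformat(),
            "agent": parts[2] if len(parts) > 2 else ""}

def parse_wherefroms(raw: bytes) -> list:
    """kMDItemWhereFroms is a binary plist holding a list of URL strings."""
    return [u for u in plistlib.loads(raw) if isinstance(u, str)]

def assess(quarantine: Optional[str], wherefroms: Optional[bytes]) -> dict:
    """Summarise provenance. A missing quarantine attribute means Gatekeeper
    will not evaluate the bundle on first launch, the state the article
    warns against; treat that as a reason to re-download from a known source."""
    report = {"gatekeeper_will_assess": quarantine is not None, "sources": []}
    if quarantine is not None:
        report.update(parse_quarantine(quarantine))
    if wherefroms is not None:
        report["sources"] = parse_wherefroms(wherefroms)
    return report

def read_xattr(path: str, name: str, as_bytes: bool = False):
    """Read one attribute via macOS xattr(1); None when unset. With -x the
    tool prints hex bytes (assumed: whitespace-separated, no offsets)."""
    args = ["xattr", "-p"] + (["-x"] if as_bytes else []) + [name, path]
    proc = subprocess.run(args, capture_output=True, text=True)
    if proc.returncode != 0:
        return None
    if as_bytes:
        return bytes.fromhex("".join(proc.stdout.split()))
    return proc.stdout.strip()

if __name__ == "__main__":
    import sys  # usage: python3 triage.py /path/to/Downloaded.app
    app = sys.argv[1]
    print(assess(read_xattr(app, QUARANTINE), read_xattr(app, WHEREFROMS, True)))
```

Run it on the bundle in ~/Downloads before clicking through any "Open Anyway" prompt; if the report says Gatekeeper will not assess it, or the source URLs are not the developer's own site, that is the moment to stop.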
For more information about the Cthulhu Stealer, we recommend reading the full Hacker News article.
Have you ever encountered the Cthulhu Stealer or similar malware? What are your security best practices? Let us know in the comments.