Mac users typically don't worry as much about viruses as Windows PC users, but researchers recently discovered macOS malware disguised as legitimate software designed to steal credentials and cryptocurrency wallets.
Cado Security warned this week about a new malware-as-a-service (MaaS) called Cthulhu Stealer that can siphon a ton of information from an infected computer, including saved passwords, browser cookies, cryptocurrency wallet data, Telegram account information, and more.
The malicious software was first discovered in late 2023 and was being sold on the dark web for $500 per month, making it a relatively affordable option for aspiring hackers.
“Cado found the Cthulhu stealer being sold on two well-known malware marketplaces, along with Telegram, which is used to communicate, moderate and promote stealers,” Cado said.
The software infiltrates victims' computers disguised as legitimate programs; examples given by Cado include CleanMyMac, Grand Theft Auto IV (presumably a misspelling of VI), and Adobe GenP.
As Hacker News points out, when you try to install the software, you'll be greeted with a warning about trying to circumvent Apple's Gatekeeper, which is designed to prevent malicious downloads. If the user ignores the warning, Cthulhu will request the user's system password, just like legitimate software, and then use it to steal sensitive data from the device.
According to Cado, “Cthulhu Stealer's functionality and features are very similar to Atomic Stealer, which was sold on Telegram last year for $1,000 per month and had access to keychain passwords, system information, and files on Macs,” which indicates that “the developers of Cthulhu Stealer likely obtained Atomic Stealer and modified its code.”
Fortunately, Cado said, Cthulhu Team “appears to be no longer active,” in part due to complaints from affiliates who claim they paid for Cthulhu Stealer and were then defaulted on.
“[But] this is a reminder that Apple users are not immune to cyber threats, and it is important to remain vigilant and exercise caution, especially when installing software from unofficial sources,” Cado said, reminding people to “only download software from trusted sources.”
When macOS Sequoia is released this fall, these types of stealers should become less effective, as the OS will require users to “allow unsigned software to run in system settings, rather than granting permission through an on-screen prompt,” Cado said.