Although Apple's Macs aren't as popular targets for hackers as Windows PCs, they're not impenetrable: Security researchers recently discovered malware called “Cthulhu Stealer” that disguises itself as a popular app to harvest passwords and steal data from macOS users.
As first reported by The Hacker News, Cado Security issued a public warning this week about Cthulhu Stealer, a malware-as-a-service that targets macOS users, which is reported to have been released in late 2023 and is sold for $500 per month. “The malware is written in Go and masquerades as legitimate software,” said Tara Gould, a researcher at Cado Security.
To trick users into installing it, it poses as software such as CleanMyMac, Grand Theft Auto IV, and Adobe GenP. Adobe GenP is an open-source tool used by some Adobe users to circumvent Creative Cloud subscriptions. The malware is packaged as a disk image (DMG) file that contains a pair of binaries, so it can attack both Intel and Apple Silicon Macs, choosing the binary that matches the architecture it detects.
When a user attempts to open the fake app, macOS's built-in security feature, Gatekeeper, warns them that the software is unsigned. If the user bypasses Gatekeeper's protection and runs the app anyway, they are shown a seemingly legitimate prompt for their system password, followed by a second prompt for a MetaMask cryptocurrency wallet. Once it has what it needs, Cthulhu Stealer can steal a variety of sensitive data, including passwords stored in iCloud Keychain, web browser cookies, and Telegram account information.
“The primary function of the Cthulhu Stealer is to steal credentials and cryptocurrency wallets from various stores, including gaming accounts,” Gould explained.
The fake password prompts are an osascript-based technique that has been seen before in infostealers such as Atomic Stealer, Cuckoo, MacStealer, and Banshee Stealer. Even if Cthulhu Stealer isn't the most sophisticated piece of malware, it still poses a serious threat to Mac users who fall for its trap.
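For defenders, the recognisable part of this pattern is the chain the article describes: an unsigned binary launched from a mounted disk image spawning osascript with a hidden-answer (password-style) dialog. The script below is an added illustration of a detection rule over process-launch events, not code from Cado Security or the article; the event field names, the path `/Volumes/Installer/FakeApp` and every sample event are constructed for the example.

```python
"""Flag osascript password-style prompts that are spawned by untrusted parent processes."""

# Constructed sample process-launch events (not real telemetry), one dict per launch.
SAMPLE_EVENTS = [
    {"pid": 501, "ppid": 1, "path": "/Applications/Safari.app/Contents/MacOS/Safari",
     "signed": True, "args": ["/Applications/Safari.app/Contents/MacOS/Safari"]},
    # Unsigned binary run straight from a mounted disk image (hypothetical path).
    {"pid": 742, "ppid": 1, "path": "/Volumes/Installer/FakeApp", "signed": False,
     "args": ["/Volumes/Installer/FakeApp"]},
    # Its child pops a dialog with a masked text field: the credential-harvesting pattern.
    {"pid": 743, "ppid": 742, "path": "/usr/bin/osascript", "signed": True,
     "args": ["osascript", "-e",
              'display dialog "Enter your password" default answer "" with hidden answer']},
    # Benign: a signed app asks a visible yes/no question.
    {"pid": 744, "ppid": 501, "path": "/usr/bin/osascript", "signed": True,
     "args": ["osascript", "-e", 'display dialog "Save changes?" buttons {"Yes", "No"}']},
    # Benign: a plain notification, no input at all.
    {"pid": 745, "ppid": 501, "path": "/usr/bin/osascript", "signed": True,
     "args": ["osascript", "-e", 'display notification "Backup finished"']},
]


def is_password_prompt(args):
    """True when an osascript command line builds a dialog with a hidden (masked) answer field."""
    script = " ".join(args).lower()
    return "display dialog" in script and "hidden answer" in script


def untrusted_parent(parent):
    """Return the reasons a parent process should not be trusted to collect a password."""
    if parent is None:
        return ["parent not in telemetry"]
    reasons = []
    if not parent["signed"]:
        reasons.append("parent unsigned")
    if parent["path"].startswith("/Volumes/"):
        reasons.append("parent runs from mounted disk image")
    return reasons


def detect(events):
    """Return one finding per osascript password prompt whose parent is untrusted."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if not e["path"].endswith("/osascript") or not is_password_prompt(e["args"]):
            continue
        reasons = untrusted_parent(by_pid.get(e["ppid"]))
        if reasons:
            findings.append({"pid": e["pid"], "ppid": e["ppid"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Legitimate admin scripts also use hidden-answer dialogs, which is why the rule keys on the parent's signing status and launch path rather than on the dialog alone.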
How to protect yourself from Mac malware
So how can you protect your Mac from malware like Cthulhu Stealer? First of all, be careful about the apps you download and double-check where you're downloading them from. Macs come with built-in antivirus software called XProtect, but consider using it alongside a dedicated antivirus product for Mac. Paid antivirus software is updated more frequently and often includes a VPN and password manager to keep you safe online.
Apple is also working to make it harder to circumvent Gatekeeper protections in macOS Sequoia, due for release in mid-September. Instead of Control-clicking to ignore Gatekeeper warnings, you'll have to go through system preferences to allow unsigned software to run. The hope is that the hassle of the extra step will be enough of a deterrent to make users think twice before running potentially dangerous apps.