Cthulhu Stealer: New macOS Malware Threatens User Data and Crypto Wallets
The post Cthulhu Stealer: New macOS Malware Threatens User Data and Crypto Wallets appeared on BitcoinEthereumNews.com.
TLDR:
- New macOS malware “Cthulhu Stealer” targets Apple users’ data
- Disguises itself as legitimate software such as CleanMyMac and Adobe GenP
- Steals crypto wallets, passwords, and other sensitive information
- Available as malware-as-a-service for $500 per month
- Apple plans to tighten Gatekeeper security in macOS Sequoia

A new strain of malware targeting Apple’s macOS operating system has been identified by cybersecurity researchers. Named “Cthulhu Stealer,” this malicious software poses a serious threat to Mac users’ personal information and digital assets.

Cthulhu Stealer first appeared in late 2023 and has been available on the dark web as a malware-as-a-service (MaaS) offering for $500 per month. This business model allows multiple bad actors to deploy the malware against unsuspecting Mac owners.

The malware disguises itself as popular software to trick users into installing it. Common disguises include CleanMyMac, Grand Theft Auto IV, and Adobe GenP. It is distributed as an Apple disk image (DMG) file, which appears legitimate at first glance.

When users attempt to open the fake application, macOS’s built-in security feature, Gatekeeper, warns that the software is unsigned. However, if a user chooses to bypass this warning, the malware immediately requests the system password, mimicking a legitimate system prompt. This technique has been observed in other Mac malware such as Atomic Stealer and MacStealer.

Once granted the necessary permissions, Cthulhu Stealer can access and steal a wide range of sensitive data. It targets popular cryptocurrency wallets, including MetaMask, Coinbase, Wasabi, Electrum, Atomic, Binance, and Blockchain Wallet. The malware also harvests saved passwords from iCloud Keychain, web browser information, and even details from Telegram accounts.

Cthulhu Stealer is capable of targeting both x86_64 and Arm architectures, making it a versatile threat across different Mac models.
It uses various techniques to gather system information, including IP address and operating system version. The stolen data is compressed and stored…
Filed under: News - @ August 26, 2024 12:24 pm