Security researchers have found a new piece of macOS malware designed to steal your most private information. The malware, known as “Cthulhu Stealer,” targets users by posing as well-known apps in order to harvest your system password, iCloud Keychain passwords, cryptocurrency wallets, and more.
The Cthulhu Stealer malware threat
Cthulhu Stealer has reportedly been available to bad actors as a $500/month paid service since late 2023. Because it passes for genuine software so convincingly, it can be particularly effective.
As Ravie Lakshmanan reports for The Hacker News, it poses as a number of different software applications, including CleanMyMac, Grand Theft Auto IV, and Adobe GenP, an open-source utility that patches Adobe applications to disable the Creative Cloud service and enable them without a serial key.
Users who go ahead and launch the unsigned file, explicitly allowing it to run and thereby bypassing Gatekeeper’s protections, are prompted to enter their system password. They then receive a second prompt asking for their MetaMask password. Along with gathering system data, Cthulhu Stealer also uses an open-source tool named Chainbreaker to extract passwords from the iCloud Keychain.
The stolen data, which also includes web browser cookies and Telegram account information, is compressed into a ZIP archive before being exfiltrated to a command-and-control (C2) server.
According to Lakshmanan, the threat actors behind Cthulhu Stealer are no longer active. In the hands of other malicious users, however, the software still has the potential to cause just as much harm.
Compared with Windows and Linux users, Mac users are targeted far less often by attackers. Cthulhu Stealer, on the other hand, appears designed to capitalize on the false sense of security that macOS can sometimes provide.
Many Mac users routinely bypass Gatekeeper’s security measures, and Apple hopes to change that with macOS Sequoia. Nevertheless, the fact remains that malware can gain access to Mac systems and collect user data by disguising itself as well-known apps.
One way to protect yourself from these kinds of attacks is to make the Mac App Store and reputable third-party platforms your first choice for downloading apps. The official websites of well-known developers are another generally safe source of software.
A View from 9to5Mac
When people take macOS’s security features seriously, Cthulhu Stealer and similar threats can do far less harm. So the next time you’re tempted to open an app from the internet by overriding Gatekeeper, make sure you know where it came from first.
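Knowing where an app came from is something you can check rather than guess. The following script is an added example, not code from the article or from 9to5Mac or The Hacker News: it reads the file’s quarantine attribute (which records the app that downloaded it) and asks Gatekeeper for its verdict via the built-in `spctl` tool, then turns the result into a plain-language recommendation. The parsing functions are pure, so the tool output they are tested against below is constructed sample text; the `Assessment` type, the function names, and the example bundle paths are assumptions of this example.

```python
"""Pre-flight checks for an app downloaded from the internet on macOS.

Added example (not the article's own code). It relies on the macOS
command-line tools `spctl` (Gatekeeper assessment) and `xattr`
(extended attributes); the parsing helpers are pure so they can be
exercised with constructed tool output on any platform.
"""
import subprocess
import sys
from dataclasses import dataclass


@dataclass
class Assessment:
    accepted: bool          # True if Gatekeeper would allow the app to run
    source: str             # e.g. "Notarized Developer ID" or "no usable signature"
    quarantine_agent: str   # app that downloaded the file, "" if not quarantined


def parse_spctl(output: str) -> tuple[bool, str]:
    """Interpret the output of `spctl --assess -vv`.

    spctl prints "<path>: accepted" or "<path>: rejected" first, followed by
    a "source=..." line and sometimes an "origin=..." line.
    """
    accepted = False
    source = "unknown"
    for line in output.splitlines():
        line = line.strip()
        if line.endswith(": accepted"):
            accepted = True
        elif line.endswith(": rejected"):
            accepted = False
        elif line.startswith("source="):
            source = line[len("source="):]
    return accepted, source


def parse_quarantine(xattr_value: str) -> str:
    """Return the downloading agent recorded in a com.apple.quarantine value.

    The value is a semicolon-separated record: flags;timestamp;agent;uuid.
    An empty or malformed value yields "" (file never quarantined, or flag cleared).
    """
    fields = xattr_value.strip().split(";")
    return fields[2] if len(fields) >= 3 else ""


def _run(cmd: list[str]) -> str:
    """Run a command and return stdout and stderr together (spctl reports on stderr)."""
    proc = subprocess.run(cmd, capture_output=True, text=True)
    return proc.stdout + proc.stderr


def assess_app(path: str) -> Assessment:
    """Query Gatekeeper and the quarantine attribute for an app bundle (macOS only)."""
    spctl_out = _run(["spctl", "--assess", "--type", "execute", "-vv", path])
    accepted, source = parse_spctl(spctl_out)
    xattr_out = _run(["xattr", "-p", "com.apple.quarantine", path])
    # xattr reports "No such xattr" when the file carries no quarantine flag
    agent = "" if "No such xattr" in xattr_out else parse_quarantine(xattr_out)
    return Assessment(accepted, source, agent)


def verdict(a: Assessment) -> str:
    """Plain-language recommendation derived from an Assessment."""
    if a.accepted and a.source.startswith("Notarized"):
        return "OK: notarized Developer ID app; Gatekeeper accepts it"
    if a.accepted:
        return "CAUTION: Gatekeeper accepts it, but it is not notarized (" + a.source + ")"
    return "STOP: Gatekeeper rejects it (" + a.source + "); do not override the prompt"


if __name__ == "__main__":
    # Example bundle path is an assumption; pass your own downloaded .app as argv[1]
    target = sys.argv[1] if len(sys.argv) > 1 else "/Applications/Safari.app"
    result = assess_app(target)
    print(f"downloaded by: {result.quarantine_agent or '(not quarantined)'}")
    print(verdict(result))
```

Run it as `python3 check_app.py /path/to/Downloaded.app`. An app that Gatekeeper rejects with `source=no usable signature`, which is exactly what an unsigned impostor of CleanMyMac or a game would report, gets a STOP verdict; a notarized Developer ID app gets OK. The quarantine agent tells you which browser or client fetched the file, so a bundle with no quarantine flag at all is a sign it arrived by some route other than a normal download.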
I suggest reading the full Hacker News article to learn more about Cthulhu Stealer.
Have you come across Cthulhu Stealer or any other malware like it? Tell us about your security best practices in the comments.