A newly discovered malware, Cthulhu Stealer, is posing a significant threat to macOS users, especially those managing cryptocurrency assets. This malware-as-a-service (MaaS) targets macOS through deceptive means, such as masquerading as legitimate applications like CleanMyMac or Adobe GenP, or even as a fake early release of “Grand Theft Auto VI.” Once the user mounts the malicious DMG file and enters their credentials, the malware begins to steal sensitive data.
How Does Cthulhu Stealer Compromise macOS?
Cthulhu Stealer starts its attack by using osascript, a macOS tool, to extract passwords from the system’s Keychain. This stolen data, which includes information from various cryptocurrency wallets like MetaMask, Binance, and Coinbase, is compiled into a zip archive labeled with the user’s country code and attack timestamp. The malware also steals data from:
- Chrome extension wallets
- Minecraft user information
- Wasabi wallet
- Keychain passwords
- SafeStorage passwords
- Battlenet game, cache, and log data
- Firefox cookies
- Daedalus wallet
- Electrum wallet
- Atomic wallet
- Harmony wallet
- Enjin wallet
- Hoo wallet
- Dapper wallet
- Coinomi wallet
- Trust wallet
- Blockchain wallet
- XDeFi wallet
- Browser cookies
- Telegram Tdata account information
Additionally, it collects system information, such as IP address, system name, and OS version, which is then sent to a command and control (C2) server. This enables attackers to further refine their malicious activities.
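As an added, defender-side illustration (not code from the article or from any vendor), the Python script below turns the behaviour described above into a simple detection over constructed process telemetry: it flags osascript or zip launched by a process chain that originates from a mounted disk image under /Volumes/. The log format, the volume name "CleanMyMac" and the process IDs are assumptions made for the sample.

```python
import re
from typing import Dict, List, Optional

# Constructed sample process-start telemetry (not from the article). One event per
# line in a simple key=value format; the /Volumes/CleanMyMac path is a hypothetical
# mounted DMG posing as a legitimate app, as the article describes.
SAMPLE_EVENTS = """\
ts=2024-08-20T10:00:01Z pid=501 ppid=1 exe=/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
ts=2024-08-20T10:00:05Z pid=612 ppid=501 exe=/Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac
ts=2024-08-20T10:00:06Z pid=613 ppid=612 exe=/usr/bin/osascript
ts=2024-08-20T10:00:09Z pid=614 ppid=612 exe=/usr/bin/zip
ts=2024-08-20T10:01:00Z pid=700 ppid=501 exe=/Applications/Script Editor.app/Contents/MacOS/Script Editor
ts=2024-08-20T10:01:02Z pid=701 ppid=700 exe=/usr/bin/osascript
"""

EVENT_RE = re.compile(r"ts=(\S+) pid=(\d+) ppid=(\d+) exe=(.+)")
# Tools the article associates with the stealer: osascript (Keychain theft) and the
# zip archive used to package the stolen data.
WATCHED = {"/usr/bin/osascript", "/usr/bin/zip"}


def parse_events(text: str) -> Dict[int, dict]:
    """Parse key=value event lines into a pid -> event mapping."""
    events: Dict[int, dict] = {}
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            ts, pid, ppid, exe = m.groups()
            events[int(pid)] = {"ts": ts, "pid": int(pid), "ppid": int(ppid), "exe": exe}
    return events


def mounted_image_ancestor(events: Dict[int, dict], pid: int) -> Optional[str]:
    """Walk the parent chain; return the first executable under /Volumes/, if any."""
    seen = set()
    while pid in events and pid not in seen:
        seen.add(pid)
        exe = events[pid]["exe"]
        if exe.startswith("/Volumes/"):
            return exe
        pid = events[pid]["ppid"]
    return None


def find_suspicious(text: str) -> List[dict]:
    """Flag watched tools whose process ancestry leads back to a mounted disk image."""
    events = parse_events(text)
    findings = []
    for ev in events.values():
        if ev["exe"] in WATCHED:
            origin = mounted_image_ancestor(events, ev["pid"])
            if origin:
                findings.append({"ts": ev["ts"], "pid": ev["pid"], "tool": ev["exe"], "origin": origin})
    return findings
```

The legitimate osascript launched from Script Editor (pid 701) is not flagged, which keeps the rule focused on the DMG-delivered chain rather than on osascript use in general.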
Scammers Profit by Selling Cthulhu Stealer for $500/Month
Scammers monetize this malware by selling it as a service for $500 per month. They employ various tactics to deceive users into downloading it, such as posing as employers offering jobs that require software installation. These offers often create a sense of urgency, prompting users to download and install the malware quickly.
Protecting Against Cthulhu Stealer
To avoid falling victim to this threat, macOS users should install reliable antivirus software specifically designed for their system. It’s also crucial to be skeptical of job offers or other opportunities that demand immediate software downloads. Regularly updating your software can further mitigate the risk of malware infection.