How Does Cthulhu Stealer Compromise macOS?

Cthulhu Stealer starts its attack by using osascript, a macOS tool, to extract passwords from the system’s Keychain. This stolen data, which includes information from various cryptocurrency wallets like MetaMask, Binance, and Coinbase, is compiled into a zip archive labeled with the user’s country code and attack timestamp. The malware also steals data from:

• Chrome extension wallets
• Minecraft user information
• Wasabi wallet
• Keychain passwords
• SafeStorage passwords
• Battlenet game, cache, and log data
• Firefox cookies
• Daedalus wallet
• Electrum wallet
• Atomic wallet
• Harmony wallet
• Enjin wallet
• Hoo wallet
• Dapper wallet
• Coinomi wallet
• Trust wallet
• Blockchain wallet
• XDeFi wallet
• Browser cookies
• Telegram Tdata account information

Additionally, it collects system information, such as IP address, system name, and OS version, which is then sent to a command and control (C2) server. This enables attackers to further refine their malicious activities.

Scammers Profit by Selling Cthulhu Stealer for $500/Month

Scammers exploit this malware by selling it as a service for $500 per month. They employ various tactics to deceive users into downloading the malware, such as posing as employers offering jobs that require software installation. These offers often create a sense of urgency, prompting users to quickly download and install the malware.

Protecting Against Cthulhu Stealer

To avoid falling victim to this threat, macOS users should install reliable antivirus software specifically designed for their system. It’s also crucial to be skeptical of job offers or other opportunities that demand immediate software downloads. Regularly updating your software can further mitigate the risk of malware infection.

The post Cthulhu Stealer: A Serious Threat to Cryptocurrency Wallets on macOS appeared first on Crypto Market Insights: Dive In with CryptoUpdate.io.