On macOS operating systems, the malware targets prominent crypto wallets from companies such as MetaMask, Coinbase, and Binance.
Apple Mac users are being cautioned about a novel malware variant known as “Cthulhu Stealer,” which has the potential to capture their personal information and target crypto wallets.
On August 22, cybersecurity firm Cado Security stated, “There has been a prevalent belief in the Zeitgeist for years that macOS systems are immune to malware.”
“Despite MacOS’s reputation for security, there has been a marked increase in macOS malware in recent years.”
As an Apple disk image (DMG), “Cthulhu Stealer” impersonates legitimate software such as Adobe GenP and CleanMyMac.
Upon opening the file, the malware uses the macOS command-line tool for running AppleScript and JavaScript to prompt the user for their system password.
Once the user enters it, a second prompt requests the password for MetaMask, the widely used Ethereum wallet. The malware also targets other prominent crypto wallets, including those from Binance, Atomic, Coinbase, Wasabi, and Blockchain Wallet.
The malware stores the stolen data in text files and then fingerprints the victim’s system, collecting details such as the operating system version and IP address.
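The two-stage prompt sequence described above (a system-password dialog followed by a wallet-password dialog, both launched from the same dropped application) is something a defender can look for in process-execution telemetry. The following is an added example, not code from Cado Security or from the article: a small Python heuristic run over constructed log lines. It assumes that the AppleScript/JavaScript launcher is `osascript` and that the dialogs are AppleScript `display dialog ... with hidden answer` prompts; the log format, process names, and the `/Volumes/CleanMyMac/...` parent path are constructed for the example and are not indicators from the report.

```python
import re
from collections import defaultdict

# Wallets the article names as targets; used only to tag prompt text.
WALLET_NAMES = ("metamask", "coinbase", "binance", "atomic", "wasabi", "blockchain wallet")

# Constructed log format (assumption): "<timestamp> pid=<n> parent=<path> cmd=<command line>"
LOG_RE = re.compile(r"^(?P<ts>\S+) pid=(?P<pid>\d+) parent=(?P<parent>\S+) cmd=(?P<cmd>.*)$")

# Assumption: the AppleScript/JavaScript launcher is osascript and a credential
# dialog is a `display dialog` with `with hidden answer` (masked input).
OSASCRIPT_RE = re.compile(r"\bosascript\b")
HIDDEN_ANSWER_RE = re.compile(r"\bwith hidden answer\b", re.IGNORECASE)
PASSWORD_RE = re.compile(r"\bpassword\b", re.IGNORECASE)

# Constructed sample telemetry: one dropped app issuing a system-password prompt,
# then a MetaMask prompt, then an OS-version lookup; plus two benign osascript uses.
SAMPLE_LOG = """\
2024-08-22T10:00:01Z pid=4101 parent=/Volumes/CleanMyMac/CleanMyMac cmd=osascript -e 'display dialog "macOS needs to access System Settings. Please enter your password." default answer "" with hidden answer'
2024-08-22T10:00:09Z pid=4102 parent=/Volumes/CleanMyMac/CleanMyMac cmd=osascript -e 'display dialog "Please enter your MetaMask password" default answer "" with hidden answer'
2024-08-22T10:00:11Z pid=4103 parent=/Volumes/CleanMyMac/CleanMyMac cmd=sw_vers -productVersion
2024-08-22T10:05:00Z pid=4200 parent=/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal cmd=osascript -e 'display notification "Build finished"'
2024-08-22T10:06:00Z pid=4201 parent=/usr/bin/login cmd=osascript -e 'display dialog "Confirm?" buttons {"OK"}'
"""


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(cmd):
    """Return the indicators found in a single command line (empty list if none)."""
    findings = []
    if OSASCRIPT_RE.search(cmd) and HIDDEN_ANSWER_RE.search(cmd):
        findings.append("hidden-input-prompt")
        if PASSWORD_RE.search(cmd):
            findings.append("password-text")
        lowered = cmd.lower()
        findings.extend(f"wallet:{w}" for w in WALLET_NAMES if w in lowered)
    return findings


def scan(log_text):
    """Flag masked-input osascript prompts and correlate them by parent process.

    A parent that issues two or more such prompts, at least one naming a wallet,
    matches the staged system-password-then-wallet-password pattern.
    """
    alerts = []
    by_parent = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        findings = classify(ev["cmd"])
        if findings:
            alert = {"pid": int(ev["pid"]), "parent": ev["parent"], "findings": findings}
            alerts.append(alert)
            by_parent[ev["parent"]].append(alert)
    staged = [
        parent
        for parent, parent_alerts in by_parent.items()
        if len(parent_alerts) >= 2
        and any(f.startswith("wallet:") for a in parent_alerts for f in a["findings"])
    ]
    return {"alerts": alerts, "staged_credential_prompts": staged}


if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    for a in result["alerts"]:
        print(f"pid={a['pid']} parent={a['parent']} findings={a['findings']}")
    print("staged credential prompts from:", result["staged_credential_prompts"])
```

Legitimate software does occasionally use `osascript` for notifications or simple dialogs, which is why the heuristic keys on masked-input dialogs and on repetition from one parent rather than on `osascript` alone; in a real deployment the parent path of the prompting process (a mounted disk image versus an installed, signed application) is the field worth reviewing first.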
Tara Gould, a researcher at Cado, explained that the primary function of Cthulhu Stealer is to steal cryptocurrency wallets and credentials from a variety of sources, including game accounts.
Cthulhu Stealer is strikingly similar to Atomic Stealer, a malware that attacked Apple computers in 2023. This suggests that the developer of Cthulhu Stealer “presumably took Atomic Stealer and modified the code,” Gould added.
Affiliates were renting the malware for $500 per month via the Telegram messaging platform, with the primary developer receiving a portion of the proceeds from successful deployments.
Nevertheless, the malware’s operators are reportedly no longer active as a result of disputes over payments, which have led affiliates to accuse them of an exit scheme.
The AMOS malware, which also targets Mac users, has the ability to clone Ledger Live software, according to a report by Cointelegraph on August 23.
Apple has recently acknowledged the growing threat of malware targeting its operating systems. On Aug. 6, the company announced an update to its next-generation macOS version that makes it harder for users to bypass Gatekeeper protections, which ensure that only trusted applications are permitted to run on the system.
In May, Telegram downplayed the severity of an exploit that enabled researchers to access macOS camera systems, asserting that it was more of an issue with Apple’s permission security than the messaging platform.