⚠ Mac Users Alert: ‘Cthulhu’ Malware Stealing Crypto Wallets!


Contrary to the common belief that macOS is immune to malware, cybersecurity firm Cado Security warns that "macOS malware has been trending up in recent years." The Cthulhu Stealer malware is a stark reminder that even Mac users aren't safe from cyber threats.

Disguised as legitimate software like CleanMyMac or Adobe GenP, Cthulhu Stealer appears as an Apple disk image (DMG). Once downloaded, it uses macOS’s command-line tool to prompt users for their passwords. It doesn’t stop there—after the system password is entered, it asks for the passwords to popular crypto wallets, particularly targeting the Ethereum wallet MetaMask, along with Coinbase, Wasabi, Electrum, Atomic, Binance, and Blockchain Wallet.
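For defenders, the password-prompt behaviour described above can be hunted in process telemetry. The sketch below is an added example, not code from the original post or from Cado Security; it assumes the command-line tool is `osascript` (the post does not name it), and the event field names and sample events are constructed for illustration.

```python
import os
import re

# Constructed process-execution events, not from a real incident. Field names
# are hypothetical; map them to your EDR or Endpoint Security telemetry.
SAMPLE_EVENTS = [
    {"pid": 411, "image": "/usr/bin/osascript",
     "parent_image": "/Volumes/Installer/Installer.app/Contents/MacOS/Installer",
     "cmdline": "osascript -e 'display dialog \"macOS needs your password to "
                "continue\" default answer \"\" with hidden answer'"},
    {"pid": 512, "image": "/usr/bin/osascript",
     "parent_image": "/Applications/Backup.app/Contents/MacOS/Backup",
     "cmdline": "osascript -e 'display dialog \"Unlock archive\" "
                "default answer \"\" with hidden answer'"},
    {"pid": 613, "image": "/usr/bin/osascript",
     "parent_image": "/Volumes/Installer/Installer.app/Contents/MacOS/Installer",
     "cmdline": "osascript -e 'display notification \"Install complete\"'"},
    {"pid": 714, "image": "/bin/ls", "parent_image": "/bin/zsh",
     "cmdline": "ls -la"},
]

# AppleScript password-style prompt: a dialog whose typed answer is masked.
PROMPT_RE = re.compile(r"display\s+dialog\b.*\bhidden\s+answer\b", re.I | re.S)
# Parent locations that suggest code run straight from a mounted disk image
# or a temp directory rather than an installed application (assumed list).
UNTRUSTED_PARENT_PREFIXES = ("/Volumes/", "/private/tmp/", "/tmp/")


def classify(event):
    """Return 'alert', 'review', or None for one process-execution event."""
    if os.path.basename(event["image"]) != "osascript":
        return None
    if not PROMPT_RE.search(event["cmdline"]):
        return None
    # A masked prompt is worth a look anywhere; from a DMG it is high signal.
    if event["parent_image"].startswith(UNTRUSTED_PARENT_PREFIXES):
        return "alert"
    return "review"


def scan(events):
    """Return (pid, verdict) for every event that needs attention."""
    verdicts = ((e["pid"], classify(e)) for e in events)
    return [(pid, v) for pid, v in verdicts if v is not None]


if __name__ == "__main__":
    for pid, verdict in scan(SAMPLE_EVENTS):
        print(f"pid={pid} verdict={verdict}")
```

Legitimate admin scripts also use masked dialogs, so the "review" tier is a triage queue rather than a verdict.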

The malware collects sensitive data, stores it in text files, and fingerprints the victim’s system to gather additional details, such as IP address and operating system version. Its primary goal is to steal credentials and cryptocurrency wallets, much like the Atomic Stealer malware discovered in 2023, which it seems to have taken inspiration from.

Cthulhu Stealer was reportedly being rented out to affiliates for $500 a month via Telegram. Affiliates would deploy the malware, and profits from successful thefts were shared with the developer. However, disputes over payments have led to accusations of an exit scam, and the scammers behind Cthulhu Stealer are no longer active.

Recently, the AMOS malware, which also targets Mac users, was found to be cloning Ledger Live software, posing yet another threat to crypto holders on macOS. In response to these growing threats, Apple announced an update to its next-generation macOS version on August 6, aiming to tighten Gatekeeper protections and prevent unauthorized apps from running.

Stay alert and follow @Professor Mende - Bonuz Ecosystem Founder!
