O.M.G [ VERY SERIOUS ] BE CAREFUL FRIENDS
Cado Security's discovery is another blow to the belief that macOS systems are impervious to malware. It concerns a new malware-as-a-service (MaaS) offering called "Cthulhu Stealer", an information stealer that targets macOS users by posing as software they actually want to install.
The rise of Cthulhu Stealer indicates that no system is completely secure against cyber threats.
How the Malware Steals Mac Users' Crypto
Cthulhu Stealer disguises itself as legitimate applications such as CleanMyMac and Adobe GenP, and as software claiming to be an early release of "Grand Theft Auto VI". It is delivered as a DMG disk image.
Once the user mounts the malicious DMG and opens the application inside, they are prompted to enter their system password and then their MetaMask password. This initial deception is just the beginning.
NEED UR HELP đ€ PLZ VOTE FOR MEâ€
Those prompts are produced with osascript, the macOS command-line runner for AppleScript, which lets the malware show a dialog that looks like an ordinary system password request. With the captured password in hand, the malware dumps credentials from the system's Keychain. This data, including details from crypto wallets such as MetaMask, Coinbase and Binance, is compiled into a zip archive named with the user's country code and the time of the attack, which holds all of the stolen information.
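The page does not give the exact prompt text Cthulhu Stealer shows, but the technique it describes (osascript displaying a dialog with a masked password field) is detectable from the process table. The following script is an added example, not code from the original post or from Cado's report: it scans `ps -axo pid=,command=` output for osascript invocations that use AppleScript's `with hidden answer` construct (the standard way to turn a dialog's text field into a password field) and tags the social-engineering words in the prompt. The sample process table is constructed for illustration, and the lure-word list is a generic heuristic, not taken from any Cthulhu sample.

```python
import re
import subprocess
from dataclasses import dataclass, field

# "display dialog ... with hidden answer" is the AppleScript construct that
# masks a dialog's input field. Legitimate software very rarely collects
# passwords through osascript, so this pattern is a strong signal on its own.
PASSWORD_DIALOG = re.compile(
    r"display\s+dialog\b.*?\bwith\s+hidden\s+answer\b", re.IGNORECASE | re.DOTALL
)

# Words a lure typically uses to make the prompt look like macOS itself or a
# wallet app (generic heuristic; the real Cthulhu prompt text is not on the page).
LURE_WORDS = re.compile(
    r"\b(password|keychain|metamask|system|required|preferences|settings|update)\b",
    re.IGNORECASE,
)

OSASCRIPT = re.compile(r"^(?:\S*/)?osascript(?:\s|$)")


@dataclass
class Finding:
    pid: int
    command: str
    lure_words: list = field(default_factory=list)


def analyze_process(pid: int, command: str):
    """Return a Finding if this command line is osascript showing a masked-input dialog."""
    if not OSASCRIPT.match(command):
        return None
    if not PASSWORD_DIALOG.search(command):
        return None  # ordinary osascript use (notifications, automation) is not flagged
    words = sorted({w.lower() for w in LURE_WORDS.findall(command)})
    return Finding(pid=pid, command=command, lure_words=words)


def parse_ps_output(text: str):
    """Parse `ps -axo pid=,command=` lines into (pid, command) tuples."""
    rows = []
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2:
            rows.append((int(parts[0]), parts[1]))
    return rows


def scan(process_rows):
    """Run the heuristic over an iterable of (pid, command) tuples."""
    findings = []
    for pid, cmd in process_rows:
        f = analyze_process(pid, cmd)
        if f is not None:
            findings.append(f)
    return findings


def live_scan():
    """Scan the local process table (macOS; also works on Linux with procps)."""
    ps = subprocess.run(
        ["ps", "-axo", "pid=,command="], capture_output=True, text=True, check=True
    )
    return scan(parse_ps_output(ps.stdout))


# Constructed sample process table; not telemetry from a real infection.
SAMPLE_PS = """\
  412 /usr/bin/osascript -e display dialog "macOS needs to update the system settings. Please enter your password." default answer "" with icon caution buttons {"Continue"} default button "Continue" with hidden answer
  413 /usr/bin/osascript -e display notification "Build finished" with title "CI"
  501 /Applications/CleanMyMac.app/Contents/MacOS/CleanMyMac
  777 /usr/bin/osascript -e display dialog "Enter your MetaMask password" default answer "" with hidden answer
"""

if __name__ == "__main__":
    for f in scan(parse_ps_output(SAMPLE_PS)):
        print(f"pid {f.pid}: password-style osascript dialog, lure words {f.lure_words}")
```

Running the script against the constructed table flags pids 412 and 777 and leaves the notification and the real app alone; `live_scan()` does the same against the running system. Because the prompt is drawn by osascript rather than by the fake app's own process, the parent process of a flagged osascript is the next thing to look at.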
⚡ Cthulhu Stealer also steals data from other platforms, including:
• Chrome extension wallets
• Minecraft user information
• Wasabi wallet
• Keychain passwords
• SafeStorage passwords
• Battlenet game, cache, and log data
• Firefox cookies
• Daedalus wallet
• Electrum wallet
• Atomic wallet
• Harmony wallet
• Enjin wallet
• Hoo wallet
• Dapper wallet
• Coinomi wallet
• Trust wallet
• Blockchain wallet
• XDeFi wallet
• Browser cookies
• Telegram Tdata account information
Moreover, Cthulhu Stealer collects basic system information such as the IP address, hostname and OS version, and sends it along with the stolen data to a command-and-control (C2) server, giving the operators a profile of each victim.
Scammers Charge $500/Month For Cthulhu Stealer
Scammers use various lures to trick victims into installing the malware. For example, on social media, some pose as employers offering jobs that require downloading software to track working hours. These offers come with a sense of urgency, pushing the potential victim to download the application quickly.
The developers and affiliates behind Cthulhu Stealer, known as the Cthulhu Team, use Telegram to manage their operations.
"The stealer appears to be being rented out to individuals for $500/month, with the main developer paying out a percentage of earnings to affiliates based on their deployment. Each affiliate of the stealer is responsible for the deployment of the malware. Cado has found Cthulhu stealer sold on two well-known malware marketplaces which are used for communication, arbitration and advertising of the stealer, along with Telegram," Cado informed readers.