• Apple Mac users are being warned about a new strain of malware called Cthulhu Stealer.

• Cthulhu Stealer can steal personal information and target crypto wallets.

• Though Cthulhu Stealer is no longer active, the security platform urges users to stay vigilant.

Apple Mac systems, known for their strong security, face a new threat: “Cthulhu Stealer.” Cybersecurity firm Cado Security is warning Mac users about this malware, which can steal personal information and empty crypto wallets.

Recently, Cado Security has identified a malware-as-a-service (MaaS) targeting macOS users named “Cthulhu Stealer”. This blog will explore the functionality of this malware and provide insight into how its operators carry out their activities: https://t.co/nJCt6RnUfG

— Cado (@CadoSecurity) August 22, 2024

Cado Security’s blog post challenges the idea that macOS systems are immune to malware, pointing to recent examples such as Silver Sparrow, KeRanger, and Atomic Stealer as evidence. The newly discovered Cthulhu Stealer is a malware-as-a-service (MaaS) written in Golang. It masquerades as legitimate software, such as CleanMyMac or Adobe products, within an Apple disk image (DMG).

“The malware is written in Golang and disguises itself as legitimate software.”

Cado researcher Tara Gould also explains that Cthulhu Stealer’s main goal is to steal login information and, with it, cryptocurrency from various wallets. There is speculation that Cthulhu Stealer may be a modified version of the 2023 malware Atomic Stealer, due to their similarities.

The security platform offers a breakdown of how the malware works, urging users to be cautious. Once launched, the unsigned file tricks users into entering their system password. This technique, also used by Atomic Stealer, Cuckoo, MacStealer, and Banshee Stealer, gives the malware control over the system.

Next, the malware asks for the password to the popular Ethereum wallet MetaMask. Other major wallets like Coinbase, Binance, Electrum, Wasabi, Atomic, and Blockchain Wallet are also targeted. The stolen credentials are saved in text files within a newly created directory, and Chainbreaker is used to extract Keychain passwords.

Cado Security noted that Cthulhu Stealer does not seem to be active anymore. However, it serves as a reminder that even Apple’s security is not foolproof. The firm urged Apple users to stay alert and to take precautions to protect their crypto wallets from such nefarious threats.

The post New Malware Threat: Cthulhu Stealer Targets Mac and Crypto appeared first on Coin Edition.