Apple Mac Users Warned About ‘Cthulhu Stealer’ Malware Targeting Crypto Wallets
The Cthulhu Stealer malware masquerades as legitimate software.
Cybersecurity firm Cado Security has warned Apple Mac users regarding a new malware variant named “Cthulhu Stealer,” which is designed to steal personal information and target cryptocurrency wallets.
In a recent report, Cado Security highlighted the growing threat to macOS users.
“While MacOS has a reputation for being secure, macOS malware has been trending up in recent years,” the firm stated.
Cthulhu Stealer Masquerades as Legitimate Software
The Cthulhu Stealer malware masquerades as legitimate software, such as CleanMyMac or Adobe GenP, appearing in the form of an Apple disk image (DMG).
Once users download and open this file, they are prompted to enter their password through macOS’s command-line tool, which runs AppleScript and JavaScript.
After the initial password is entered, the malware prompts for a second password, specifically targeting the Ethereum wallet MetaMask.
Once Cthulhu Stealer gains access, it stores the stolen data in text files and proceeds to fingerprint the victim’s system, collecting information such as IP address and operating system version.
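A defender's view of the prompt behaviour described above, as an added example that is not taken from the Cado Security report: it flags hidden-input AppleScript dialogs in process telemetry and raises severity when the parent chain starts from a mounted disk image. It assumes the command-line tool is `osascript`; the event fields (`pid`, `ppid`, `image`, `cmdline`) and the sample events are constructed for illustration.

```python
import re

# AppleScript password dialogs hide typed input with "hidden answer".
PROMPT_RE = re.compile(r"display\s+dialog.*hidden\s+answer", re.I | re.S)

# Constructed sample events; the field names are assumptions, not a real EDR schema.
EVENTS = [
    {"pid": 410, "ppid": 1, "image": "/Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac",
     "cmdline": "CleanMyMac"},
    {"pid": 411, "ppid": 410, "image": "/usr/bin/osascript",
     "cmdline": 'osascript -e display dialog "Enter your password" default answer "" with hidden answer'},
    {"pid": 500, "ppid": 1, "image": "/Applications/Notes.app/Contents/MacOS/Notes", "cmdline": "Notes"},
    {"pid": 501, "ppid": 500, "image": "/usr/bin/osascript",
     "cmdline": 'osascript -e tell application "Finder" to activate'},
    {"pid": 600, "ppid": 1, "image": "/Applications/Setup.app/Contents/MacOS/Setup", "cmdline": "Setup"},
    {"pid": 601, "ppid": 600, "image": "/usr/bin/osascript",
     "cmdline": 'osascript -e display dialog "Admin password" default answer "" with hidden answer'},
]


def runs_from_mounted_image(event, by_pid, max_depth=8):
    """Walk up the parent chain looking for a binary under /Volumes/ (a mounted DMG)."""
    for _ in range(max_depth):
        if event is None:
            return False
        if event["image"].startswith("/Volumes/"):
            return True
        event = by_pid.get(event["ppid"])
    return False


def find_password_prompts(events):
    """Return (pid, severity) for osascript runs that show a hidden-input dialog."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if not e["image"].endswith("/osascript"):
            continue
        if not PROMPT_RE.search(e["cmdline"]):
            continue  # scripts fed via stdin or a file are not visible here
        severity = "high" if runs_from_mounted_image(e, by_pid) else "medium"
        findings.append((e["pid"], severity))
    return findings


if __name__ == "__main__":
    for pid, severity in find_password_prompts(EVENTS):
        print(pid, severity)
```

Installed software sometimes shows the same kind of dialog, which is why a prompt from an app under `/Applications` is only rated medium here and left for analyst review.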
“The main functionality of Cthulhu Stealer is to steal credentials and cryptocurrency wallets from various stores, including game accounts,” Tara Gould, a researcher at Cado Security, said.
Cthulhu Stealer shares similarities with another piece of malware called Atomic Stealer, which was discovered in 2023 targeting Apple computers.
Gould suggests that the developer behind Cthulhu Stealer likely modified Atomic Stealer’s code to create this new strain.
The malware has been rented out to affiliates for $500 per month through the Telegram messaging platform, with profits shared among the developers.
However, recent disputes over payments have reportedly caused the main scammers to disappear, leading to accusations of an exit scam.
The rise of Cthulhu Stealer and other similar threats, like the AMOS malware.