A new malware known as “Cthulhu Stealer” is targeting Apple Mac users, posing a significant risk to personal data and cryptocurrency wallets.
The malware disguises itself as legitimate software, such as CleanMyMac and Adobe GenP, tricking users into downloading it.
According to cybersecurity firm Cado Security, macOS systems, once thought to be more secure than other operating systems, are increasingly being targeted by malware.
“For years, there has been a general belief that macOS systems are immune to malware,” the firm stated on August 22, noting a rise in malicious software affecting Apple devices.
Cthulhu Stealer is delivered as an Apple disk image (DMG) file. When opened, it uses a macOS command-line tool to prompt users for their passwords.
Once the password is entered, the malware then asks for access to cryptocurrency wallets like MetaMask, a popular Ethereum wallet. The malware also targets other major wallets such as those from Coinbase, Binance, and Blockchain Wallet.
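For defenders, the password prompt described above is a detectable event. The following detection sketch is an added example, not code from Cado Security or from the malware. It assumes the command-line tool is `osascript` showing an AppleScript dialog with a hidden answer field (the article does not name the tool), that opened disk images appear under `/Volumes/`, and that process telemetry is available with the hypothetical fields `pid`, `ppid`, `path` and `args`.

```python
import re

# Constructed process-execution events, not taken from the Cado report.
# Field names (pid, ppid, path, args) are hypothetical telemetry fields.
SAMPLE_EVENTS = [
    {"pid": 411, "ppid": 1, "args": [],
     "path": "/Volumes/ExampleApp/ExampleApp.app/Contents/MacOS/ExampleApp"},
    {"pid": 413, "ppid": 411, "path": "/bin/sh", "args": ["-c", "true"]},
    {"pid": 412, "ppid": 413, "path": "/usr/bin/osascript",
     "args": ["-e", 'display dialog "Enter your password" '
                    'default answer "" with hidden answer']},
    {"pid": 500, "ppid": 1, "args": [],
     "path": "/Applications/Notes.app/Contents/MacOS/Notes"},
    {"pid": 501, "ppid": 500, "path": "/usr/bin/osascript",
     "args": ["-e", 'display notification "Sync finished"']},
    {"pid": 600, "ppid": 1, "args": [],
     "path": "/Applications/ExampleBackup.app/Contents/MacOS/ExampleBackup"},
    {"pid": 601, "ppid": 600, "path": "/usr/bin/osascript",
     "args": ["-e", 'display dialog "Admin password" '
                    'default answer "" with hidden answer']},
]

# AppleScript dialog that masks typed input, i.e. a scripted password prompt.
PROMPT_RE = re.compile(r"display\s+dialog.*hidden\s+answer", re.I | re.S)

def mounted_volume_ancestor(event, by_pid):
    """Return the path of the first ancestor running from /Volumes/, if any."""
    seen = set()
    cur = by_pid.get(event["ppid"])
    while cur is not None and cur["pid"] not in seen:  # guard against pid loops
        seen.add(cur["pid"])
        if cur["path"].startswith("/Volumes/"):
            return cur["path"]
        cur = by_pid.get(cur["ppid"])
    return None

def find_password_prompts(events):
    """Flag osascript password dialogs; 'high' if started from a mounted volume."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if not e["path"].endswith("/osascript"):
            continue
        if not PROMPT_RE.search(" ".join(e["args"])):
            continue
        origin = mounted_volume_ancestor(e, by_pid)
        findings.append({"pid": e["pid"], "origin": origin,
                         "severity": "high" if origin else "review"})
    return findings
```

Prompts from installed applications are reported as `review` rather than dropped, since some legitimate tools script password dialogs the same way.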
The stolen information is saved in text files and includes data like IP addresses and operating system versions. The primary function of Cthulhu Stealer is to collect credentials, cryptocurrency wallets, and even gaming accounts, according to Cado researcher Tara Gould.
Cthulhu Stealer shares similarities with Atomic Stealer, a malware identified in 2023, indicating that its developer may have used the same code with some modifications. The malware was being rented out for $500 per month through Telegram, with profits shared among affiliates.
However, disputes between the scammers have reportedly led to accusations of an exit scam, causing the operation to go inactive.