Mac users don’t typically worry about viruses as much as their Windows PC counterparts; however, researchers recently uncovered macOS malware disguised as legitimate software that was built to steal credentials and cryptocurrency wallets.

Cado Security this week flagged a new malware-as-a-service (MaaS) known as Cthulhu Stealer that was capable of siphoning a wealth of information from infected computers, including saved passwords, browser cookies, data from crypto wallets, and Telegram account information.

The malicious software was first spotted in late 2023 and was sold on the dark web for $500 a month, making it a relatively affordable option for would-be hackers. “Cado has found Cthulhu stealer sold on two well-known malware marketplaces, which are used for communication, arbitration, and advertising of the stealer, along with Telegram,” Cado says.

The software gets on a victim’s computer by disguising itself as a legitimate program. Examples cited by Cado include CleanMyMac, Grand Theft Auto IV (likely a typo for VI), and Adobe GenP. As Hacker News notes, those who try to install the software will get a warning about bypassing Apple’s Gatekeeper, which is designed to prevent malicious downloads. If a user ignores the warning, Cthulhu will ask for the user’s system password, similar to legitimate software, and then use that password to steal sensitive data from the device.

According to Cado, “the functionality and features of Cthulhu Stealer are very similar to Atomic Stealer,” which was being sold on Telegram for $1,000 per month last year and could access keychain passwords, system information, and files on a Mac. This indicates that “the developer of Cthulhu Stealer probably took Atomic Stealer and modified the code,” Cado says.
Luckily, Cthulhu Team “is seemingly no longer active,” Cado says, in part due to complaints from affiliates who paid to use the Cthulhu Stealer and claimed to have been stiffed on payments. “[But] this serves as a reminder that Apple users are not immune to cyber threats. It’s crucial to remain vigilant and exercise caution, particularly when installing software from unofficial sources,” according to Cado, which reminds people to “only download software from a trusted source.”

The launch of macOS Sequoia this fall should make this type of stealer less effective since the OS will require people “to go to their System Settings to allow unsigned software to run rather than giving it permission through an on-screen prompt,” Cado says.
About Emily Price
Weekend Reporter