The Cthulhu Stealer malware masquerades as legitimate software.
Users of Apple Mac computers have been alerted by cybersecurity company Cado Security to a new malware variant called “Cthulhu Stealer,” which is intended to steal personal data and target cryptocurrency wallets.
In a recent report, Cado Security highlighted the growing threat to macOS users.
“While MacOS has a reputation for being secure, macOS malware has been trending up in recent years,” the firm stated.
Cthulhu Stealer Masquerades as Legitimate Software
The Cthulhu Stealer malware appears as an Apple disk image (DMG) and poses as genuine software, such as CleanMyMac or Adobe GenP.
After they download and open this file, users are prompted to enter their password through a macOS command-line tool that runs JavaScript and AppleScript.
The malware asks for a second password after the first one is entered, and it specifically targets the MetaMask Ethereum wallet.
Recently, Cado Security has identified a malware-as-a-service (MaaS) targeting macOS users named “Cthulhu Stealer”. This blog will explore the functionality of this malware and provide insight into how its operators carry out their activities: https://t.co/nJCt6RnUfG
— Cado (@CadoSecurity) August 22, 2024
There is also a risk to other well-known cryptocurrency wallets, such as Blockchain Wallet, Wasabi, Electrum, Atomic, Coinbase, and Binance.
After gaining access, Cthulhu Stealer fingerprints the victim’s system to gather details like the operating system version and IP address. It then saves the stolen data in text files.
According to Tara Gould, a researcher at Cado Security, “the main functionality of Cthulhu Stealer is to steal credentials and cryptocurrency wallets from various stores, including game accounts.”
Similarities exist between Cthulhu Stealer and Atomic Stealer, a malware that was found in 2023 and was intended for Apple computers.
According to Gould, the code for Atomic Stealer was probably altered by the creator of Cthulhu Stealer in order to produce this new strain.
Profits from the $500 monthly rental of the malware to affiliates via the Telegram messaging app are divided among the developers.
However, there have been allegations of an exit scam, since the primary operators are said to have vanished after recent disagreements over payments.
Apple has responded to the emergence of Cthulhu Stealer and related threats, such as the AMOS malware that imitates the Ledger Live software.
The company recently released macOS updates that make it harder for users to bypass Gatekeeper, the security mechanism that ensures only trusted apps are launched.
Florida Woman Sues Google Over Play Store Crypto Scam
In a different instance, Florida resident Maria Vaca sued Google, claiming that she lost more than $5 million as a result of the tech giant’s carelessness.
The lawsuit claimed that Yobit Pro, a cryptocurrency investment app she downloaded from the Google Play Store, tricked her.
Google filed a lawsuit against two developers in April after they produced 87 phony apps that deceived over 100,000 users, 8,700 of whom were Americans.
The strategies outlined in Google’s lawsuit are similar to Vaca’s experience, even though Yobit Pro was not mentioned.
These include dishonest apps that entice users with the promise of large returns only to demand more money in the form of taxes or fees, never letting the user take their money out.
In the meantime, Google has introduced a feature that lets users look up wallet balances on blockchains including Fantom, Bitcoin, Arbitrum, Avalanche, and Optimism.