- Security researchers have uncovered “Cthulhu Stealer,” a new malware targeting Apple’s operating system
- The discovery has highlighted the increasing vulnerability of macOS systems to malware attacks
- Cthulhu Stealer has joined a growing list of threats, signaling a shift in macOS cybersecurity
Security researchers have uncovered a new malware-as-a-service (MaaS) called “Cthulhu Stealer,” specifically designed to target Apple’s operating system. The discovery, reported by Cado Security, highlights the increasing vulnerability of macOS systems to malware attacks. Cthulhu Stealer joins a growing list of malware targeting macOS, signaling a significant shift in the cybersecurity landscape for Apple users. Traditionally considered more secure than other platforms, macOS has recently seen a rise in threats, challenging its reputation for robust security.
Threat Hidden in Software
Cthulhu Stealer is distributed as a disguised Apple disk image (DMG) file, masquerading as legitimate software like CleanMyMac, Grand Theft Auto IV, or Adobe GenP. Written in GoLang, the malware is compatible with both x86_64 and ARM architectures, making it versatile and effective across various macOS systems. This emergence follows closely on the heels of another crypto-stealing malware targeting Call of Duty players.
Cthulhu Stealer targets browser cookies, game accounts, and crypto wallets, employing a script which prompts users for their system password and MetaMask credentials. It then creates a directory where it stores stolen data, ready to be remotely grabbed.
Similarities to Prior Incarnations
The functionality of Cthulhu Stealer bears a striking resemblance to Atomic Stealer, another macOS-targeted malware identified earlier in 2023. Both are written in Go and share the same focus on stealing crypto wallets, browser credentials, and keychain data, suggesting that Cthulhu Stealer could be a modified version of its predecessor.
The malware is operated by a group known as “Cthulhu Team,” who utilize Telegram for communication, offering the malware for rent at $500 per month, with affiliates responsible for its deployment and receiving a share of the profits.
Last year North Korean group BlueNoroff released a MacOS threat through Word documents, PDFs or PowerPoint files, and in January, security firm Kaspersky found that hackers were using pirated software to infiltrate crypto wallets on macOS-based devices.