Apple Mac users are being alerted to a new strain of malware, “Cthulhu Stealer,” which is designed to steal personal information and target cryptocurrency wallets such as MetaMask, Coinbase, and Binance. This malware, reminiscent of the 2023 Atomic Stealer, exploits the long-held belief that macOS is impervious to malware. Cthulhu Stealer disguises itself as legitimate software and, once installed, prompts users to enter passwords, which are then stolen and used to access crypto wallets. The malware’s developer reportedly rented it out for $500 per month before an alleged exit scam led to their disappearance. Apple has responded by tightening security measures in its upcoming macOS update.

Rising Threat: Cthulhu Stealer Targets Mac Users

A New Malware Strain Hits macOS
Cybersecurity experts are sounding the alarm about a new malware variant dubbed “Cthulhu Stealer,” which specifically targets Apple Mac users. The malware is particularly dangerous as it goes after popular cryptocurrency wallets like MetaMask, Coinbase, and Binance. Disguised as legitimate software such as CleanMyMac and Adobe GenP, Cthulhu Stealer lures users into downloading it, subsequently compromising their systems.

Exploiting the Myth of Mac Immunity

macOS Security Under Scrutiny
For years, macOS has been regarded as a fortress against malware. However, this perception is rapidly changing. According to Cado Security, the belief that macOS is immune to such threats has allowed malware like Cthulhu Stealer to proliferate. The malware’s ability to deceive users by masquerading as trusted applications highlights the growing vulnerabilities in Apple’s operating systems.

How Cthulhu Stealer Operates

Deceptive Tactics and Credential Theft
Cthulhu Stealer typically presents itself as an Apple disk image (DMG) file. Upon opening, it prompts users for their system password via a command-line tool that runs AppleScript and JavaScript. Once the system password is obtained, the malware requests the password for the user’s MetaMask wallet, along with credentials for other major crypto wallets. The stolen data is then stored in text files, and the victim’s system is fingerprinted to collect additional information, such as the IP address and operating system version.

Links to Atomic Stealer and Developer Activity

A Familiar Threat with New Twists
Cthulhu Stealer bears a striking resemblance to Atomic Stealer, malware that targeted Apple computers in 2023. This similarity suggests that the developer may have used Atomic Stealer’s code as a foundation, modifying it to create Cthulhu Stealer. The malware was rented out to affiliates for $500 per month through the Telegram messaging platform. However, disputes over profit-sharing have reportedly led to accusations of an exit scam, with the scammers now believed to be inactive.

Apple’s Response to Growing Malware Threats

Enhanced Security in macOS
In response to the rising threat of macOS-targeted malware, Apple announced on August 6 an update to its next-generation macOS that will make it harder for users to bypass Gatekeeper protections. These protections ensure that only trusted applications are allowed to run on the system, adding an extra layer of security against threats like Cthulhu Stealer. Additionally, Apple has acknowledged that while some vulnerabilities, like the recent macOS camera exploit, have been downplayed, they underscore the need for stronger permission security within the operating system.