There’s a New Mac Malware Targeting Crypto Wallets

As a seasoned researcher with years of experience under my belt, I can attest to the ever-evolving landscape of cyber threats. The emergence of “Cthulhu Stealer” targeting Mac users is yet another reminder that no system is invincible.


A new malware known as “Cthulhu Stealer” is targeting Apple Mac users, posing a significant risk to personal data and cryptocurrency wallets. 

As a researcher, I’ve uncovered an interesting finding: I’ve noticed some malicious software masquerading as trustworthy applications, like CleanMyMac and Adobe GenP. This deceptive tactic lures unsuspecting users into downloading these seemingly harmless programs, making them potential targets for cyber attacks.

As reported by cybersecurity company Cado Security, there’s been a growing trend of malware attacks on Apple’s macOS systems, which were previously believed to be more resistant to such threats compared to other operating systems.

As a researcher, I’ve long held the assumption that macOS systems were impervious to malware. However, a recent statement made on August 22 by the company challenges this view, as they’ve observed an increase in malicious software targeting Apple devices.

Cthulhu Stealer is delivered as an Apple disk image (DMG) file.

Once the user has entered their password, the malware goes on to request access to cryptocurrency accounts, specifically MetaMask (a well-known Ethereum wallet). It also targets popular wallets from Coinbase, Binance, and Blockchain Wallet.

The stolen information is saved in text files and includes data like IP addresses and operating system versions. The primary function of Cthulhu Stealer is to collect credentials, cryptocurrency wallets, and even gaming accounts, according to Cado researcher Tara Gould.

It appears that Cthulhu Stealer and Atomic Stealer, a malicious program detected in 2023, share common characteristics, suggesting the possibility that they were both developed using the same base code, but with some adjustments. This malware was offered for rental on Telegram at $500 per month, with the earnings being distributed among those who helped promote it.

Yet it appears that disagreements among the scammers led to accusations that the operation was being shut down, and the platform has since gone inactive.


2024-08-26 13:26