Recent discoveries have shown that macOS systems are not immune to malware attacks. Cado Security has found a new malware-as-a-service (MaaS) called “Cthulhu Stealer” that specifically targets macOS users. This malware disguises itself as popular software applications and tricks users into giving away sensitive information.
The Rise of Cthulhu Stealer
Cthulhu Stealer highlights the fact that no operating system is completely safe from cyber threats. It targets users by posing as legitimate applications, such as CleanMyMac and Adobe GenP. It even pretends to be an early release of “Grand Theft Auto VI” to lure users into downloading it.
How Does Cthulhu Stealer Work?
When a user downloads and mounts the malicious DMG file, they are prompted to enter their system and MetaMask passwords. This is the first step in the malware’s strategy to steal sensitive information. After the user enters their credentials, the malware uses a macOS tool called osascript to extract passwords from the system’s Keychain.
Once it has the passwords, the malware collects data from various crypto wallets and other sources. It compiles this information into a zip file, named with the user’s country code and the time of the attack, and sends it to a command and control (C2) server. This allows the attackers to further manipulate the stolen data.
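The password prompt described above is observable on an endpoint: an osascript process showing a hidden-answer dialog, spawned by an application running from a mounted disk image. The following is an added detection example written for this article, not code from Cado Security or from the malware; the process events, the lure text and the parent paths are constructed samples, and the scoring rule is a hypothetical one, not a vendor signature.

```python
"""Toy detection for osascript password prompts of the kind Cthulhu Stealer uses.

Runs over constructed process-execution events (not real telemetry). The rule
fires only on an osascript hidden-answer dialog, then adds context: a parent
executable running from a mounted DMG under /Volumes/, or prompt text that
mentions passwords or a wallet such as MetaMask.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    parent_path: str   # executable that spawned the process
    image: str         # executable of the process itself
    cmdline: str       # full command line as logged


# AppleScript idiom that produces a password-style (masked) input box.
HIDDEN_PROMPT = re.compile(r"display dialog.*with hidden answer", re.I | re.S)
# Words in the prompt text that tie it to credential or wallet theft.
WALLET_LURE = re.compile(r"metamask|keychain|password", re.I)

# Constructed sample events: one stealer-like prompt, one benign notification,
# one hidden-answer prompt from an installed app (lower confidence).
SAMPLE_EVENTS = [
    ProcessEvent("/Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac",
                 "/usr/bin/osascript",
                 "osascript -e 'display dialog \"MetaMask needs your password to continue\" "
                 "default answer \"\" with hidden answer'"),
    ProcessEvent("/Applications/Automator.app/Contents/MacOS/Automator",
                 "/usr/bin/osascript",
                 "osascript -e 'display notification \"Backup finished\"'"),
    ProcessEvent("/Applications/LegacyUpdater.app/Contents/MacOS/LegacyUpdater",
                 "/usr/bin/osascript",
                 "osascript -e 'display dialog \"Enter the admin code to continue\" "
                 "default answer \"\" with hidden answer'"),
]


def score_event(ev: ProcessEvent) -> list:
    """Return the reasons an event looks like a credential-theft prompt ([] = no alert)."""
    if not ev.image.endswith("/osascript") or not HIDDEN_PROMPT.search(ev.cmdline):
        return []
    reasons = ["osascript hidden-answer dialog (masked password input)"]
    if ev.parent_path.startswith("/Volumes/"):
        reasons.append("parent launched from a mounted disk image")
    if WALLET_LURE.search(ev.cmdline):
        reasons.append("prompt text references a password, Keychain or wallet")
    return reasons


def scan(events) -> list:
    """Return (parent_path, reasons) for every event that triggers the rule."""
    return [(ev.parent_path, score_event(ev)) for ev in events if score_event(ev)]
```

More reasons on one event means higher confidence; the single-reason hit from an installed application is the kind of result an analyst triages rather than auto-blocks.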
What Data Does Cthulhu Stealer Target?
Cthulhu Stealer goes after a wide range of data. Here’s a list of the types of information it steals:
- Crypto Wallets: MetaMask, Coinbase, Binance, Wasabi, Daedalus, Electrum, Atomic, Harmony, Enjin, Hoo, Dapper, Coinomi, Trust, Blockchain, XDeFi
- Browser Extensions and Cookies: Chrome extension wallets, Firefox cookies
- Other Platforms: Minecraft user information, Battlenet game data, Telegram Tdata account information
- System Information: IP address, system name, OS version
- Password Storage: Keychain passwords, SafeStorage passwords
Scammers Charge a Fee for Cthulhu Stealer
The creators of Cthulhu Stealer charge a monthly fee of $500 for access to this malicious software. They use various tactics to get users to install the malware. On social media, for example, scammers may pose as employers offering jobs that require downloading software to track working hours. They create a sense of urgency, pressuring the victim to download the application immediately.
Who is Behind Cthulhu Stealer?
The group responsible for this malware is known as the Cthulhu Team. They manage their operations through Telegram, where they coordinate with affiliates and developers.
How to Protect Yourself from Malware Attacks
To avoid falling victim to malware like Cthulhu Stealer, it is important to take several precautions:
- Install Reliable Antivirus Software: Make sure to use antivirus software specifically designed for macOS.
- Be Wary of Job Offers: Be cautious of employment opportunities that require downloading software immediately.
- Keep Your Software Updated: Regular software updates can help protect against malware infections.
By following these steps, you can significantly reduce the risk of becoming a victim of cyber threats on macOS. Remember, no system is completely secure, so always be vigilant and cautious when downloading software or sharing sensitive information online.