Apple Mac users are being warned about a new and dangerous strain of malware called “Cthulhu Stealer,” which could steal personal information and target crypto wallets. Cybersecurity firm Cado Security revealed this alarming threat on August 22. The report underscores the growing vulnerability of macOS systems, traditionally regarded as secure against such attacks.
For years, there has been a widespread belief that macOS systems are largely immune to malware, Apple’s reputation for robust security. However, recent trends show a steady rise in malware targeting macOS, challenging this perception and indicating that no system is entirely safe.
Fake Software Threatens Crypto
Cthulhu Stealer disguises itself as a legitimate Apple disk image (DMG) file, imitating well-known software like CleanMyMac and Adobe GenP. Users who download and open the file are prompted to enter their system password through a command-line tool. This tool runs AppleScript and JavaScript, initiating what appears to be a routine process but is actually the beginning of a sophisticated cyberattack.
Once the system password is entered, the malware prompts the user for their cryptocurrency wallet password, with MetaMask being a primary target. However, Cthulhu Stealer is also designed to compromise other popular crypto wallets, including those from Coinbase, Wasabi, Electrum, Atomic, Binance, and Blockchain Wallet. This broad targeting makes it a significant threat to crypto holders.
Targeting Crypto Wallets
After successfully acquiring the credentials, Cthulhu Stealer stores the stolen data in text files. The malware fingerprints the victim’s system, collecting additional information such as the IP address and operating system version. These details further enhance the attack’s scope and effectiveness.
Tara Gould, a researcher at Cado Security, explained that Cthulhu Stealer’s primary function is to steal credentials and crypto wallets from various platforms, including gaming accounts. Gould highlighted the malware’s similarity to Atomic Stealer, a previous threat that targeted Apple computers in 2023. This similarity suggests that Cthulhu Stealer’s creators may have modified Atomic Stealer’s code for their own purposes.
Texas Telecom Fined $1M Over Biden Deepfake Robocall Scam
Rising Cyber Threats
As previously reported by CryptoTale, North Korean hackers have intensified their cyberattacks on cryptocurrency platforms. This escalation underscored the growing cyber threats within the digital asset industry. Their operations, such as the “Durian” malware attack targeting South Korean crypto companies, are part of a broader trend of increasing cybercrime in the crypto space.
With threats like ‘Cthulhu Stealer’ rising, Mac users who manage cryptocurrency assets are urged to remain vigilant. Keeping systems updated and adopting strong security practices are crucial to protecting digital wallets from these emerging threats.