Cybersecurity firm Cado Security has issued a warning to Apple Mac users about a new malware variant called “Cthulhu Stealer.” This malware is designed to steal personal information and target cryptocurrency wallets.
Cado Security’s latest report highlights a growing threat to macOS users.
“Although macOS is known for its security, macOS malware incidents have increased in recent years,” the report indicates.
Malware Disguised as Legitimate Applications
Cthulhu Stealer disguises itself as legitimate software, such as CleanMyMac or Adobe GenP. It appears as an Apple disk image (DMG).
When users download and open this file, they are prompted to enter their password through a macOS command-line tool that runs AppleScript and JavaScript. After the first password is entered, the malware requests a second password, specifically targeting MetaMask for Ethereum.
Cado Security has identified “Cthulhu Stealer” as a malware-as-a-service (MaaS) targeting macOS users. For more details on this malware and how it operates, visit Cado Security’s blog: Cthulhu Stealer Overview.
Other popular crypto wallets, including those from Coinbase, Wasabi, Electrum, Atomic, Binance, and Blockchain Wallet, are also at risk.
Once Cthulhu Stealer gains access, it collects stolen data in text files. It also performs system fingerprinting, gathering details like IP address and operating system version.
“The main goal of Cthulhu Stealer is to steal credentials and cryptocurrency wallets from various sources, including game accounts,” said Tara Gould, a researcher at Cado Security.
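A defender-side check for the password prompts described above, as an added example that is not from Cado Security's report or this article. It assumes the command-line tool is `osascript` (the standard macOS binary for running AppleScript and JavaScript) and uses a hypothetical process-event log format with constructed sample lines.

```python
import json
import re

# Constructed process-execution events, one JSON object per line. The field
# names (pid, path, args, parent_path) are assumptions, not a real EDR schema.
SAMPLE_LOG = r'''
{"pid": 501, "path": "/usr/bin/osascript", "args": ["osascript", "-e", "display dialog \"Enter your password to continue\" default answer \"\" with hidden answer"], "parent_path": "/Volumes/Installer/Installer.app/Contents/MacOS/Installer"}
{"pid": 502, "path": "/usr/bin/osascript", "args": ["osascript", "-e", "display dialog \"Enter your MetaMask password\" default answer \"\" with hidden answer"], "parent_path": "/Volumes/Installer/Installer.app/Contents/MacOS/Installer"}
{"pid": 610, "path": "/usr/bin/osascript", "args": ["osascript", "-e", "display notification \"Backup complete\""], "parent_path": "/Applications/Backup.app/Contents/MacOS/Backup"}
{"pid": 611, "path": "/usr/bin/osascript", "args": ["osascript", "-e", "display dialog \"Admin password\" default answer \"\" with hidden answer"], "parent_path": "/Applications/ITTool.app/Contents/MacOS/ITTool"}
{"pid": 700, "path": "/usr/bin/osascr
'''

HIDDEN_PROMPT = re.compile(r"display\s+dialog.*with\s+hidden\s+answer", re.I | re.S)
WALLET_HINT = re.compile(r"metamask", re.I)

def score_event(ev):
    """Return (score, reasons) for one process event; 0 means not of interest."""
    if not ev.get("path", "").endswith("/osascript"):
        return 0, []
    script = " ".join(ev.get("args", []))
    if not HIDDEN_PROMPT.search(script):
        return 0, []
    reasons = ["osascript hidden-answer password dialog"]
    # /Volumes/ also covers external drives, so this is a signal, not proof.
    if ev.get("parent_path", "").startswith("/Volumes/"):
        reasons.append("launched by a binary on a mounted volume or disk image")
    if WALLET_HINT.search(script):
        reasons.append("prompt text mentions MetaMask")
    return len(reasons), reasons

def triage(log_text, threshold=2):
    """Return (pid, score, reasons) for events scoring at or above threshold."""
    alerts = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line
        if not isinstance(ev, dict):
            continue
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append((ev.get("pid"), score, reasons))
    return alerts

if __name__ == "__main__":
    for pid, score, reasons in triage(SAMPLE_LOG):
        print(f"pid={pid} score={score}: " + "; ".join(reasons))
```

A hidden-answer dialog alone scores 1 and stays below the default threshold, because legitimate admin scripts also use it; the combination with a launch from a mounted volume is what raises the alert.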
Connections to Previous Malware
Cthulhu Stealer shares similarities with Atomic Stealer, a malware discovered in 2023 that targeted Apple computers. Gould suspects that the creator of Cthulhu Stealer modified Atomic Stealer’s code to create this new variant.
The malware is available for rent to affiliates for $500 per month via Telegram. Profits are shared among the developers. However, recent payment disputes have led to the main scammers disappearing, raising concerns about an exit scam.
The rise of Cthulhu Stealer and similar threats, such as AMOS malware, which mimics Ledger Live software, has prompted Apple to enhance its security measures. The company has announced updates to macOS that make it harder for users to bypass Gatekeeper, the protection designed to ensure that only trusted applications run.
Florida Woman Files Lawsuit Against Google Over Crypto Scam
In another case, Florida resident Maria Vaca has sued Google, claiming that the tech giant’s negligence caused her to lose over $5 million.
Vaca alleges that she was deceived by a crypto investment app called Yobit Pro, which she downloaded from the Google Play Store.
In April, Google sued two developers who created 87 fraudulent apps. These apps scammed over 100,000 users, including 8,700 U.S. residents. Although Yobit Pro was not part of Google’s lawsuit, its tactics are similar to those described by Vaca.
These tactics involved fraudulent apps that promised high returns but required additional payments for taxes or fees, with no intention of allowing withdrawals.
In response, Google has introduced a new feature allowing users to check wallet balances on multiple blockchains, including Bitcoin, Arbitrum, Avalanche, Optimism, Polygon, and Fantom.
The post Apple Mac Users Warned About ‘Cthulhu Stealer’ Malware Targeting Crypto Wallets appeared first on Cryptonews.