Cybersecurity firm Cado Security has issued a warning to Apple Mac users about a new and dangerous malware variant named "Cthulhu Stealer." This malware is designed to steal personal information and target cryptocurrency wallets, posing a significant threat to macOS users.
Cthulhu Stealer disguises itself as legitimate software to trick users into installing it. It is distributed as an Apple disk image (DMG) masquerading as a popular application such as CleanMyMac or Adobe GenP. Once the image is opened and the fake installer run, the user is prompted for their macOS password through osascript, the macOS command-line tool that runs AppleScript and JavaScript, so the dialog looks like an ordinary system prompt.
After the first password is entered, the malware prompts a second time, this time for the password of the MetaMask Ethereum wallet. Other widely used wallets, including Coinbase, Wasabi, Electrum, Atomic, Binance and Blockchain Wallet, are also targeted.
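The password prompt described above is the most visible behaviour on the endpoint, and it is cheap to hunt for. As an added example (not part of the original article or of Cado Security's report), the Python script below scans process-execution telemetry for osascript invocations that open a dialog with a hidden (masked) answer field, the usual AppleScript idiom for a fake password prompt, and rates a finding higher when the dialog text mentions a password or a wallet. The telemetry line format, its field names and the four sample events are constructed for this example; the article does not show the malware's actual script, so the dialog wording is an assumption.

```python
import os
import re
import shlex
from dataclasses import dataclass

# Constructed sample of process-execution events, one per line, in a made-up
# "key=value ... argv=<command line>" format such as an EDR export might use.
# None of these lines is real Cthulhu Stealer output.
SAMPLE_EVENTS = [
    "pid=4012 ppid=4001 user=alice exe=/usr/bin/osascript "
    "argv=osascript -e 'display dialog \"CleanMyMac needs your password to continue\" "
    "default answer \"\" with hidden answer with title \"CleanMyMac\" with icon caution'",
    "pid=4013 ppid=4012 user=alice exe=/usr/bin/osascript "
    "argv=osascript -e 'display dialog \"Enter your MetaMask password\" "
    "default answer \"\" with hidden answer'",
    # Benign osascript use: a notification, no input field at all.
    "pid=4020 ppid=1 user=alice exe=/usr/bin/osascript "
    "argv=osascript -e 'display notification \"Build finished\" with title \"CI\"'",
    "pid=4021 ppid=1 user=alice exe=/bin/ls argv=ls -la /Users/alice/Library",
]

# "display dialog ... with hidden answer" is the AppleScript way to ask for a
# masked string; legitimate software almost never does this from osascript.
HIDDEN_PROMPT = re.compile(r"display\s+dialog\b.*\bwith\s+hidden\s+answer\b", re.I | re.S)
DIALOG_TEXT = re.compile(r'display\s+dialog\s+"([^"]*)"', re.I)
# Lure words that turn a suspicious prompt into a high-severity finding.
LURE_WORDS = ("password", "metamask", "wallet", "keychain", "administrator", "credentials")


@dataclass
class Finding:
    pid: int
    ppid: int
    severity: str
    dialog_text: str
    lures: tuple


def parse_event(line):
    """Split a telemetry line into its key=value fields and a tokenised argv."""
    head, _, argv = line.partition(" argv=")
    fields = dict(kv.split("=", 1) for kv in head.split())
    return fields, shlex.split(argv)


def inline_scripts(argv):
    """Return every script passed with -e (osascript also accepts a file path,
    but stealers normally inline the script on the command line)."""
    return [argv[i + 1] for i, a in enumerate(argv[:-1]) if a == "-e"]


def analyse(line):
    """Return a Finding for an osascript hidden-answer prompt, else None."""
    fields, argv = parse_event(line)
    if not argv or os.path.basename(argv[0]) != "osascript":
        return None
    script = "\n".join(inline_scripts(argv))
    if not HIDDEN_PROMPT.search(script):
        return None
    m = DIALOG_TEXT.search(script)
    text = m.group(1) if m else ""
    lures = tuple(w for w in LURE_WORDS if w in text.lower())
    severity = "high" if lures else "medium"
    return Finding(int(fields["pid"]), int(fields["ppid"]), severity, text, lures)


def scan(lines):
    """Run the detection over every line and keep only the hits."""
    return [f for f in map(analyse, lines) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[{finding.severity}] pid={finding.pid} ppid={finding.ppid} "
              f"lures={finding.lures} text={finding.dialog_text!r}")
```

The parent pid is worth keeping in the finding: in the scenario described above both prompts descend from the fake installer, so a second hidden-answer prompt whose parent is itself a fresh osascript is a stronger signal than either prompt on its own.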
The malware writes the stolen data to text files and fingerprints the victim's system, collecting details such as the IP address and operating system version. Tara Gould, a researcher at Cado Security, explained that the primary function of Cthulhu Stealer is to steal credentials and cryptocurrency wallets, and that it can also target game accounts.
Cthulhu Stealer shares similarities with another malware known as Atomic Stealer, discovered in 2023. Gould suggests that Cthulhu Stealer is a modified version of Atomic Stealer, indicating that the developer behind this new malware strain adapted existing code to create the current threat.
The malware is rented to affiliates for $500 per month via the Telegram messaging platform, with profits split with the developers. Recent disputes over payments have led affiliates to accuse the developers of an exit scam, with those behind the operation reportedly disappearing.
The emergence of Cthulhu Stealer and similar threats, such as the AMOS malware that clones the Ledger Live software, has prompted Apple to tighten its defences. Apple has recently updated macOS to make it harder for users to bypass Gatekeeper, which by default only allows signed and notarized applications to run; a stealer delivered as an unsigned DMG relies on the user overriding exactly that check.
In a related incident, Florida resident Maria Vaca has filed a lawsuit against Google, alleging negligence in connection with a crypto investment scam. Vaca claims she lost over $5 million due to a fraudulent crypto app called Yobit Pro, which she downloaded from the Google Play Store.
This lawsuit follows Google's earlier legal action against developers of 87 fraudulent apps that scammed over 100,000 users, including 8,700 in the U.S. While Yobit Pro was not included in this lawsuit, its tactics—promising high returns and then demanding additional payments—mirror those described in Vaca’s case.
In response to such incidents, Google has introduced a new feature allowing users to search balances of wallets across various blockchains, including Bitcoin, Arbitrum, Avalanche, Optimism, Polygon, and Fantom.
The rise of Cthulhu Stealer and other similar malware variants poses a significant threat to cryptocurrency users and highlights the need for vigilance and robust cybersecurity measures. As attackers continue to refine their tactics, both individuals and technology companies must remain proactive in safeguarding against such threats.
Apple's recent macOS changes and Google's new wallet-lookup feature are useful steps, but users should still verify software before installing it: download only from the vendor's own site or the App Store, do not override a Gatekeeper block for a "cracked" or free copy of a paid application, and treat any installer that asks for the macOS password or a wallet password in a pop-up dialog as suspect. As the cybersecurity landscape evolves, staying informed and adopting these basic practices will be crucial in protecting personal information and financial assets.
August 2024, Cryptoniteuae