26th August, 2024
Users of Apple Macs have been alerted to a new strain of macOS malware, 'Cthulhu Stealer', that steals credentials, including cryptocurrency wallet data. It targets wallets such as MetaMask, Coinbase and Binance and runs exclusively on macOS. Macs have long been regarded as less exposed to this kind of threat than Windows PCs; Cthulhu Stealer is a reminder that they were never immune.
MacOS Malware on the Rise
macOS has long been considered one of the more secure desktop platforms, to the point where many users believed it was not affected by malware at all. That perception has been changing over the past few years. On August 22, Cado Security published its analysis of a malware-as-a-service (MaaS) offering targeting macOS, named 'Cthulhu Stealer', the latest in a growing run of macOS infostealers.
Cthulhu Stealer is distributed as an Apple disk image (DMG) posing as software users might want to install, such as CleanMyMac or Adobe GenP. Once the image is mounted and the application inside is run, it uses osascript, the macOS command-line tool for running AppleScript and JavaScript for Automation, to display a dialog asking the user for their system password. The prompt is an ordinary scripted dialog rather than a genuine macOS authentication request, so whatever the user types goes straight to the malware.
How Cthulhu Stealer Works
If the user enters the system password, a second dialog asks for the password of a cryptocurrency wallet, starting with MetaMask. Beyond MetaMask, it targets Coinbase, Wasabi, Electrum, Atomic, Binance and Blockchain Wallet.
The captured passwords are written to text files, and the malware goes on to collect details about the victim's system, including its IP address and the macOS version it is running.
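The behaviour described above, a scripted osascript dialog with a hidden-text answer field, spawned by a binary running from a mounted DMG, is something endpoint telemetry can flag. The following detector is an added example written for this article, not code from Cado Security or from the malware; it runs over constructed process-execution events in a hypothetical EDR JSON schema (the field names, the prompt wording and the paths are all assumptions) and flags osascript invocations that use AppleScript's `with hidden answer` dialog, raising severity when the prompt names a wallet or the parent process runs from an untrusted location.

```python
import json
import re

# Constructed sample telemetry (not real captures): one JSON process-exec event per line,
# in a hypothetical EDR schema with pid, ppid, parent image path and full command line.
SAMPLE_EVENTS = r"""
{"ts": "2024-08-22T10:01:02Z", "pid": 4101, "ppid": 512, "parent": "/Applications/Backup.app/Contents/MacOS/Backup", "cmdline": "/usr/bin/osascript -e 'display notification \"Backup finished\" with title \"Backup\"'"}
{"ts": "2024-08-22T10:03:15Z", "pid": 4207, "ppid": 4190, "parent": "/Volumes/CleanMyMac/CleanMyMac", "cmdline": "/usr/bin/osascript -e 'display dialog \"macOS needs your password to continue\" default answer \"\" with hidden answer'"}
{"ts": "2024-08-22T10:03:21Z", "pid": 4211, "ppid": 4190, "parent": "/Volumes/CleanMyMac/CleanMyMac", "cmdline": "/usr/bin/osascript -e 'display dialog \"Enter your MetaMask password\" default answer \"\" with hidden answer'"}
{"ts": "2024-08-22T10:10:44Z", "pid": 4300, "ppid": 601, "parent": "/bin/zsh", "cmdline": "/usr/bin/osascript /Users/alice/scripts/toggle_wifi.scpt"}
{"ts": "2024-08-22T10:12:00Z", "pid": 4355, "ppid": 4350, "parent": "/Applications/Xcode.app/Contents/MacOS/Xcode", "cmdline": "/usr/bin/osascript -e 'display dialog \"Build complete\" buttons {\"OK\"}'"}
"""

# AppleScript's "display dialog ... with hidden answer" is the masked-input prompt
# a fake password dialog needs; legitimate macOS authentication never goes through it.
HIDDEN_PROMPT = re.compile(r"display\s+dialog.*?\bwith\s+hidden\s+answer\b",
                           re.IGNORECASE | re.DOTALL)

# Wallets named in the Cado write-up; a prompt mentioning one is a strong signal.
WALLET_WORDS = ("metamask", "coinbase", "wasabi", "electrum", "atomic", "binance", "blockchain")

# Assumed heuristic: a prompt spawned by a binary running straight from a mounted
# disk image or a temp directory is far more suspicious than one from /Applications.
UNTRUSTED_PARENT_PREFIXES = ("/Volumes/", "/private/tmp/", "/tmp/", "/Users/Shared/")


def classify_event(ev):
    """Return a finding dict for a suspicious osascript prompt, or None if benign."""
    cmd = ev.get("cmdline", "")
    if "osascript" not in cmd:
        return None
    reasons = []
    if HIDDEN_PROMPT.search(cmd):
        reasons.append("osascript password-style dialog (hidden answer)")
    if not reasons:
        # Notifications, plain dialogs and script files without a masked prompt
        # are everyday automation on a Mac and are not flagged here.
        return None
    low = cmd.lower()
    hits = [w for w in WALLET_WORDS if w in low]
    if hits:
        reasons.append("wallet name in prompt: " + ", ".join(hits))
    parent = ev.get("parent", "")
    if parent.startswith(UNTRUSTED_PARENT_PREFIXES):
        reasons.append("spawned from untrusted location: " + parent)
    severity = "high" if len(reasons) >= 2 else "medium"
    return {"pid": ev["pid"], "parent": parent, "severity": severity, "reasons": reasons}


def scan(lines):
    """Run classify_event over JSON-lines telemetry and collect the findings in order."""
    findings = []
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        finding = classify_event(json.loads(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f['severity']}] pid={f['pid']} parent={f['parent']}")
        for r in f["reasons"]:
            print("   -", r)
```

On the constructed input only the two prompts from the DMG-mounted binary are flagged, both as high severity; the backup notification, the Wi-Fi script and Xcode's build dialog pass. A hidden-answer dialog on its own is only medium severity because some legitimate admin scripts do prompt that way, so the parent path and prompt text are what should drive triage.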
Crypto Wallets in the Crosshairs
Tara Gould, the Cado Security researcher who analysed the sample, described Cthulhu Stealer's main function as stealing credentials and cryptocurrency wallets from various stores, including game accounts.
Cthulhu Stealer also closely resembles Atomic Stealer, a macOS infostealer identified in 2023. According to Gould, its developer probably took Atomic Stealer's code and modified it to build this variant.
Malware-as-a-Service
What makes Cthulhu Stealer more dangerous is that it is rented out. According to Cado's report, the developer leases it to affiliates for $500 a month via Telegram; the affiliates run the campaigns and the developer takes a share of the proceeds. The operation does not appear to be running smoothly, however: affiliates have complained about not being paid and have accused the developer of an exit scam.
A Growing Threat to Mac Users
Cthulhu Stealer is only one of several new threats facing Mac users. On August 23, Cointelegraph reported on a variant of another macOS stealer, AMOS, that clones Ledger Live, the application used to manage Ledger hardware wallets. A convincing copy of the wallet-management app itself is far harder for a user to spot than a fake utility, and it shows how much more sophisticated macOS malware is becoming.
Apple has acknowledged the trend. It has announced that the next version of macOS will make it harder for users to bypass Gatekeeper, the mechanism that stops apps that are not signed and notarised from launching: users will no longer be able to Control-click an app to override the check and will instead have to approve it explicitly in System Settings. This raises the bar but does not remove the risk. Cthulhu Stealer's prompt works because the user chooses to run the app and then types a password into its dialog, and Gatekeeper has no say in what happens after that choice.
Conclusion
With malware increasingly targeting macOS, users should be careful about what they install: download software only from the vendor's own site or the App Store, treat any freshly downloaded DMG that asks for the system password through a plain dialog rather than the standard macOS authentication prompt as hostile, and keep macOS and wallet software patched. Mac users face the same kind of malware threat as everyone else and need to treat it accordingly.