Author: CryptoBazi Analyst
Published On: 26/8/2024, 7:27:20 am
In a recent development, cybersecurity experts have issued a stern warning to Apple Mac users about a new and dangerous malware variant named “Cthulhu Stealer.” This malware, which cunningly disguises itself as legitimate software, poses a significant risk to users by stealing sensitive personal information and targeting cryptocurrency wallets.
Cybersecurity firm Cado Security has brought attention to the alarming rise in macOS malware, highlighting that despite macOS’s reputation for being a secure operating system, the threat landscape is evolving rapidly. The emergence of Cthulhu Stealer marks a new chapter in this ongoing battle, as the malware is specifically designed to infiltrate Mac systems and exploit user vulnerabilities.
“While macOS has a reputation for being secure, macOS malware has been trending up in recent years,” Cado Security stated in their recent report, signaling a growing concern for Apple users.
Cthulhu Stealer is particularly insidious because it masquerades as well-known, legitimate software applications such as CleanMyMac or Adobe GenP. It often appears as an Apple disk image (DMG) file, which is a common format for installing software on macOS. Once the user downloads and opens the file, the malware prompts them to enter their password using macOS’s command-line tool, which runs AppleScript and JavaScript.
This initial password request is only the beginning. After gaining the first level of access, the malware prompts the user for a second password, specifically targeting the popular Ethereum wallet MetaMask. The threat does not stop there: other widely used cryptocurrency wallets, including those from Coinbase, Wasabi, Electrum, Atomic, Binance, and Blockchain Wallet, are also at risk.
Once Cthulhu Stealer successfully infiltrates the system, it stores the stolen data in text files. It then begins fingerprinting the victim’s system, gathering information such as IP addresses, operating system versions, and other critical data that can be exploited further.
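As an added example that is not part of the article or Cado Security's report, the following detection heuristic flags the behaviour described above in constructed process telemetry: an application running from a mounted disk image (under /Volumes/) spawning the macOS scripting tool to display a password dialog, and doing so repeatedly. The JSON field names, the sample events and the keyword list are assumptions; adapt them to the output of your EDR or Endpoint Security client.

```python
import json
import re

# Constructed sample telemetry (JSON lines), modelled on the article's
# description: an app launched from a DMG spawns osascript to ask for the
# user's password, then again for the MetaMask password. The last two
# events are benign (Script Editor running a harmless script).
SAMPLE_EVENTS = r"""
{"pid":511,"ppid":1,"exe":"/Applications/Safari.app/Contents/MacOS/Safari","argv":["Safari"]}
{"pid":642,"ppid":1,"exe":"/Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac","argv":["CleanMyMac"]}
{"pid":643,"ppid":642,"exe":"/usr/bin/osascript","argv":["osascript","-e","display dialog \"Enter your password\" default answer \"\""]}
{"pid":644,"ppid":642,"exe":"/usr/bin/osascript","argv":["osascript","-e","display dialog \"MetaMask password\" default answer \"\""]}
{"pid":700,"ppid":1,"exe":"/Applications/Script Editor.app/Contents/MacOS/Script Editor","argv":["Script Editor"]}
{"pid":701,"ppid":700,"exe":"/usr/bin/osascript","argv":["osascript","-e","say \"hello\""]}
"""

# Words that suggest a dialog is harvesting a credential (assumed list).
CREDENTIAL_WORDS = re.compile(r"password|passphrase|seed phrase", re.I)
DMG_MOUNT = "/Volumes/"  # where macOS mounts disk images


def detect_dmg_credential_prompts(jsonl: str) -> list[dict]:
    """Return one alert per osascript credential dialog whose parent runs from a mounted volume."""
    events = [json.loads(line) for line in jsonl.splitlines() if line.strip()]
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if not e["exe"].endswith("/osascript"):
            continue
        script = " ".join(e["argv"][1:])
        # Only dialogs that ask for a credential are interesting here.
        if "display dialog" not in script or not CREDENTIAL_WORDS.search(script):
            continue
        parent = by_pid.get(e["ppid"])
        # Legitimate installers rarely run from the mounted DMG itself.
        if parent is None or not parent["exe"].startswith(DMG_MOUNT):
            continue
        alerts.append({"pid": e["pid"], "parent_exe": parent["exe"], "prompt": script})
    return alerts


def repeat_prompt_parents(alerts: list[dict]) -> dict[str, int]:
    """Parents that prompted more than once (the first-then-MetaMask pattern)."""
    counts: dict[str, int] = {}
    for a in alerts:
        counts[a["parent_exe"]] = counts.get(a["parent_exe"], 0) + 1
    return {exe: n for exe, n in counts.items() if n >= 2}


if __name__ == "__main__":
    found = detect_dmg_credential_prompts(SAMPLE_EVENTS)
    for a in found:
        print(f"ALERT pid={a['pid']} parent={a['parent_exe']} prompt={a['prompt']}")
    print("repeat prompters:", repeat_prompt_parents(found))
```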
The primary function of Cthulhu Stealer is to steal credentials and cryptocurrency wallets from various sources. According to Tara Gould, a researcher at Cado Security, “The main functionality of Cthulhu Stealer is to steal credentials and cryptocurrency wallets from various stores, including game accounts.” This level of intrusion can have devastating consequences for individuals who store significant amounts of cryptocurrency on their devices.
Cthulhu Stealer shares similarities with another malware known as Atomic Stealer, which was discovered in 2023 and also targets Apple computers. Gould suggests that the developer behind Cthulhu Stealer likely modified Atomic Stealer's code to create this new strain. This connection highlights the evolving nature of cyber threats, where malware developers continually refine and adapt their tools to evade detection and maximize their impact.
In a disturbing twist, Cthulhu Stealer has been made available to affiliates for rent at a cost of $500 per month through the Telegram messaging platform. This model allows the developers to share profits with those who use the malware for their own malicious purposes. However, recent reports suggest that disputes over payments have led to the disappearance of the main scammers, raising suspicions of an exit scam.
The rise of Cthulhu Stealer, along with other similar threats such as the AMOS malware that clones Ledger Live software, has prompted Apple to take decisive action. The tech giant recently announced updates to its macOS operating system aimed at bolstering security. These updates are designed to make it more difficult for users to bypass Gatekeeper protections, which ensure that only trusted applications are run on macOS devices.
Gatekeeper plays a crucial role in preventing unauthorized software from executing on a Mac, but the persistence and sophistication of malware like Cthulhu Stealer underscore the importance of users remaining vigilant and cautious when downloading software.
The impact of malicious software on the cryptocurrency community extends beyond just the technical sphere. In a related incident, a Florida resident named Maria Vaca filed a lawsuit against Google, alleging that the tech giant’s negligence led to her losing over $5 million. Vaca claims she was deceived by a fraudulent crypto investment app called Yobit Pro, which she downloaded from the Google Play Store.
This lawsuit is part of a broader trend of legal actions targeting tech companies for their role in facilitating scams. In April, Google itself sued two developers for creating 87 fraudulent apps that scammed over 100,000 users, including 8,700 U.S. residents. Although Yobit Pro was not specifically mentioned in Google’s lawsuit, the tactics described in the suit mirror Vaca’s experience. Fraudulent apps often lure users with promises of high returns, only to demand additional payments under the guise of taxes or fees, with no intention of allowing users to withdraw their funds.
In response to these growing concerns, Google has introduced a new feature allowing users to search the balances of wallets on several major blockchains, including Bitcoin, Arbitrum, Avalanche, Optimism, Polygon, and Fantom. This feature is part of the tech giant’s ongoing efforts to enhance transparency and security in the digital asset space.
As the digital landscape continues to evolve, so too do the threats that users face. The emergence of Cthulhu Stealer is a stark reminder that no system is completely immune to attack. For Mac users, it underscores the importance of staying informed, using trusted software sources, and exercising caution when prompted to enter sensitive information.
The cybersecurity community, along with tech giants like Apple and Google, must remain vigilant in their efforts to protect users from increasingly sophisticated threats. In the meantime, users are encouraged to keep their systems updated, be cautious of suspicious downloads, and use strong, unique passwords to safeguard their digital assets.