Apple Mac users should be on high alert as a new and sophisticated malware strain, known as “Cthulhu Stealer,” emerges with a specific focus on stealing cryptocurrency wallet information. Here’s what you need to know about this latest threat and how you can safeguard your digital assets.
Cthulhu Stealer: A New and Dangerous Threat
Cthulhu Stealer has recently been identified as a serious threat to macOS systems, targeting popular cryptocurrency wallets including MetaMask, Coinbase, Binance, Wasabi, Electrum, Atomic, and Blockchain Wallet. This malware is designed to secretly access and steal sensitive information from your crypto wallets, making it a significant concern for digital asset holders.
How It Works
The malware disguises itself as a seemingly harmless Apple disk image (DMG), pretending to be reputable software such as CleanMyMac or Adobe GenP. When a user opens the file, Cthulhu Stealer uses macOS command-line tools to prompt for the user’s password. Once it has that password, it prompts again for the passwords to cryptocurrency wallets such as MetaMask.
Once Cthulhu Stealer obtains the necessary credentials, it stores stolen data in text files and collects additional information about the victim’s system, including IP address and operating system version. Tara Gould from Cado Security notes that “The main functionality of Cthulhu Stealer is to pilfer credentials and cryptocurrency wallets from various sources, including game accounts.”
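As an added illustration of the behaviour chain in the two paragraphs above (this is not code from the article or from Cado Security), here is a small detection rule run over constructed process telemetry: it flags an app launched from a mounted disk image that then spawns a hidden-answer password dialog, with an external IP lookup from the same parent recorded as a supporting indicator. It assumes the prompt is produced with osascript, which the article does not name; the domain and file paths are placeholders.

```python
"""Constructed endpoint telemetry (not real Cthulhu Stealer data) and a
behavioural rule for the chain described above: an app run from a mounted
disk image spawning a password dialog and an external IP lookup. The prompt
is assumed to be an osascript 'display dialog ... with hidden answer'; the
article only says the malware uses macOS command-line tools to prompt."""
import re

SAMPLE_EVENTS = [  # simplified EDR-style process-execution records
    # fake 'CleanMyMac' launched from the mounted DMG
    {"pid": 777, "ppid": 501, "image": "/Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac",
     "cmdline": "CleanMyMac"},
    # it spawns a hidden-answer password dialog and an IP lookup (placeholder domain)
    {"pid": 778, "ppid": 777, "image": "/usr/bin/osascript",
     "cmdline": "osascript -e 'display dialog \"macOS needs your password\" default answer \"\" with hidden answer'"},
    {"pid": 779, "ppid": 777, "image": "/usr/bin/curl",
     "cmdline": "curl -s https://ip-lookup.example/json"},
    # benign: a user-run dialog from Terminal, no hidden answer, not from a DMG
    {"pid": 900, "ppid": 1, "image": "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal",
     "cmdline": "Terminal"},
    {"pid": 901, "ppid": 900, "image": "/usr/bin/osascript",
     "cmdline": "osascript -e 'display dialog \"Backup finished\"'"},
    # benign: an installer run from a DMG that never prompts
    {"pid": 950, "ppid": 501, "image": "/Volumes/SomeTool/SomeTool.app/Contents/MacOS/SomeTool",
     "cmdline": "SomeTool"},
]

MOUNTED_IMAGE = re.compile(r"^/Volumes/")
HIDDEN_PROMPT = re.compile(r"display dialog.*with hidden answer", re.IGNORECASE)
IP_LOOKUP = re.compile(r"^\s*(curl|wget)\b.*\bip", re.IGNORECASE)

def detect(events):
    """One finding per parent that runs from /Volumes and spawns a hidden-answer
    dialog; an IP lookup from the same parent is kept as a supporting indicator."""
    by_pid = {e["pid"]: e for e in events}
    indicators = {}
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is None or not MOUNTED_IMAGE.match(parent["image"]):
            continue
        if HIDDEN_PROMPT.search(e["cmdline"]):
            indicators.setdefault(parent["pid"], set()).add("hidden_password_prompt")
        elif IP_LOOKUP.search(e["cmdline"]):
            indicators.setdefault(parent["pid"], set()).add("external_ip_lookup")
    return [{"pid": pid, "image": by_pid[pid]["image"], "indicators": sorted(tags)}
            for pid, tags in sorted(indicators.items())
            if "hidden_password_prompt" in tags]  # the prompt is the high-fidelity signal

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Only the fake CleanMyMac process is reported; the Terminal-run dialog and the quiet installer from the second DMG are not.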
Connection to Previous Malware
Cthulhu Stealer is strikingly similar to Atomic Stealer, a malware strain discovered in 2023 that also targeted Apple computers. This similarity suggests that the developers of Cthulhu Stealer may have adapted the code of Atomic Stealer to create their new variant.
Distribution and Recent Developments
Initially, Cthulhu Stealer was distributed through Telegram, where it was rented out to affiliates for $500 per month. However, reports indicate that the operators behind this malware have ceased activity, allegedly due to internal disputes and accusations of an exit scam.
In response to these increasing threats, Apple has strengthened macOS security measures. On August 6, Apple announced updates to the next-generation macOS, making it more challenging for users to bypass Gatekeeper protections that ensure only trusted applications are installed.
Additionally, on August 23, researchers reported on AMOS, which targets Mac users by cloning the Ledger Live software. Earlier, in May, Telegram addressed an exploit related to macOS camera access, attributing it more to Apple’s permission settings than to Telegram itself.
Stay Safe and Secure
The emergence of Cthulhu Stealer underscores the need for vigilance in the face of evolving cybersecurity threats. By keeping your software updated, being cautious with downloads, and employing robust security measures, you can better protect your cryptocurrency holdings from such malicious attacks. Stay informed and proactive to ensure your digital assets remain secure.