Tech
macOS malware Cthulhu Stealer impersonates apps then steals your data
Security researchers have discovered new macOS malware that’s built to steal your most sensitive data. Dubbed ‘Cthulhu Stealer,’ the malware targets users by impersonating popular apps so it can harvest your system password, iCloud Keychain passwords, cryptocurrency wallets, and more.
Cthulhu Stealer malware threat
Cthulhu Stealer has reportedly been available since late 2023 as a $500/month paid service for bad actors. It can be especially effective because of how well it disguises itself as legitimate software.
Ravie Lakshmanan writes for The Hacker News:
Some of the software programs it impersonates include CleanMyMac, Grand Theft Auto IV, and Adobe GenP, the last of which is an open-source tool that patches Adobe apps to bypass the Creative Cloud service and activates them without a serial key.
Users who end up launching the unsigned file after explicitly allowing it to be run – i.e., bypassing Gatekeeper protections – are prompted to enter their system password…In the next step, a second prompt is presented to enter their MetaMask password. Cthulhu Stealer is also designed to harvest system information and dump iCloud Keychain passwords using an open-source tool called Chainbreaker.
The stolen data, which also comprises web browser cookies and Telegram account information, is compressed and stored in a ZIP archive file, after which it’s exfiltrated to a command-and-control (C2) server.
According to Lakshmanan, the threat actors behind Cthulhu Stealer are no longer active. However, the software can still do just as much damage in other malicious users’ hands.
Mac users generally don’t receive as many invasive efforts from the hacker community as Windows and Linux systems. Cthulhu Stealer, however, seems built to take advantage of the sense of security macOS can sometimes provide.
It’s not uncommon for lots of Mac users to routinely bypass Gatekeeper’s protections. Apple is trying to change that in macOS Sequoia. But the fact remains that posing as known apps can be an effective way for malware to infiltrate Mac systems and harvest users’ data.
One way to keep yourself safe from such threats is to prioritize downloading apps from the Mac App Store, and known third-party platforms. Popular developers’ official websites are another generally safe place to get your software.
9to5Mac’s Take
Cthulhu Stealer, and other software threats like it, can do far less damage when users take macOS’s security features seriously. So the next time you’re tempted to bypass Gatekeeper and open a new app downloaded from the web, be sure you know where it’s sourced from.
For more information on Cthulhu Stealer, I recommend reading the full Hacker News article.
Have you encountered Cthulhu Stealer or other malware like it? What are your security best practices? Let us know in the comments.
FTC: We use income earning auto affiliate links. More.