A new malware-as-a-service (MaaS) known as Cthulhu Stealer [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] has emerged, targeting Apple macOS users through deceptive tactics.

Description

Cthulhu Stealer, priced at $500 per month on the dark web, disguises itself as legitimate software in Apple disk images (DMG) [4] [10]. This malicious software, developed in Golang, mimics popular applications like CleanMyMac, Grand Theft Auto IV [5] [6] [7] [8] [9], and Adobe GenP to trick users into entering their system password through a dialog produced with the macOS osascript tool.

It can extract sensitive data such as MetaMask digital wallet information, iCloud Keychain passwords [1] [2] [6] [11], web browser cookies [1] [2] [6] [8] [10] [11], and various account details from sources like game accounts [10], Telegram [1] [2] [8] [10] [11], Minecraft [10], and Battle.net [10]. The stolen data is then compressed into a ZIP archive file and sent to a command-and-control server. Despite lacking advanced anti-analysis techniques and unique features, Cthulhu Stealer poses a significant threat to Mac users [7].

The threat actors [2] [11], known as the Cthulhu Team [4], have reportedly ceased operations due to payment disputes, with allegations of an exit scam involving affiliates [2]. To protect against such threats, users are advised to download software only from reputable sources [5], avoid installing unverified applications [2] [11], and regularly update their systems with the latest security patches [8]. Apple has announced plans to enhance security measures in the upcoming macOS version, Sequoia [2] [11], to prevent the execution of unsigned or unnotarized software.
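The behaviours described above (an osascript password dialog launched by an application running out of a mounted disk image, and an archiver staging keychain or browser data before exfiltration) are observable in process telemetry. The following Python detection rule is an added example written for this article; it is not code from the article or from any of the cited reports, and the telemetry record shape, field names, sample events, and rule thresholds are all assumptions of this example rather than anything the reports document. The sample events are constructed.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class ProcessEvent:
    """One process-launch record. Assumed telemetry shape for this example;
    real EDR/endpoint products name these fields differently."""
    pid: int
    parent_image: str  # executable path of the parent process
    image: str         # executable path of the launched process
    cmdline: str       # full command line as observed


# Constructed sample telemetry (hypothetical, not captured from real malware).
SAMPLE_EVENTS = [
    # App running from a mounted DMG spawns an AppleScript password prompt.
    ProcessEvent(101, "/Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac",
                 "/usr/bin/osascript",
                 "osascript -e 'display dialog \"macOS needs your password to update\" "
                 "default answer \"\" with hidden answer with icon caution'"),
    # Benign: a browser shows a notification through osascript.
    ProcessEvent(102, "/Applications/Safari.app/Contents/MacOS/Safari",
                 "/usr/bin/osascript",
                 "osascript -e 'display notification \"Download complete\"'"),
    # App running from a mounted DMG zips the login keychain directory.
    ProcessEvent(103, "/Volumes/GTA_IV/GTA IV.app/Contents/MacOS/GTA IV",
                 "/usr/bin/zip", "zip -r /tmp/out.zip /Users/victim/Library/Keychains"),
    # Benign: ditto used on unrelated files.
    ProcessEvent(104, "/usr/libexec/xpcproxy", "/usr/bin/ditto", "ditto -c -k foo bar"),
    # Password-style prompt from an app in /Applications: suspicious, lower confidence.
    ProcessEvent(105, "/Applications/Installer.app/Contents/MacOS/Installer",
                 "/usr/bin/osascript",
                 "osascript -e 'display dialog \"Enter your password\" "
                 "default answer \"\" with hidden answer'"),
]

# AppleScript "display dialog ... with hidden answer" is the idiom that renders a
# masked input box, i.e. a password-style prompt.
HIDDEN_ANSWER = re.compile(r"display\s+dialog.*?with\s+hidden\s+answer", re.I | re.S)
CREDENTIAL_WORDS = re.compile(r"password|keychain|credential", re.I)
# A parent executable under /Volumes/ is running straight off a mounted disk image.
MOUNTED_DMG = re.compile(r"^/Volumes/")
# Archivers that could stage stolen data before it is sent to a C2 server.
ARCHIVERS = {"/usr/bin/zip", "/usr/bin/ditto", "/usr/bin/tar"}
# Locations holding the data classes the article says the stealer collects.
SENSITIVE_PATHS = re.compile(
    r"Library/Keychains|Library/Cookies|"
    r"Application Support/(Google/Chrome|Firefox|Telegram Desktop)|metamask",
    re.I,
)


def score_event(ev: ProcessEvent) -> tuple[Optional[str], list[str]]:
    """Return (severity, reasons); severity is None when no rule fires."""
    reasons: list[str] = []
    if ev.image.endswith("/osascript"):
        if HIDDEN_ANSWER.search(ev.cmdline):
            reasons.append("osascript dialog with hidden answer (password-style prompt)")
        if CREDENTIAL_WORDS.search(ev.cmdline):
            reasons.append("osascript dialog text mentions credentials")
    if ev.image in ARCHIVERS and SENSITIVE_PATHS.search(ev.cmdline):
        reasons.append("archiver run against keychain/browser/wallet data")
    if not reasons:
        return None, []
    # Context raises confidence: the same prompt from a DMG-mounted app is far
    # more likely to be a lure than one from an installed application.
    if MOUNTED_DMG.match(ev.parent_image):
        reasons.append("parent process runs from a mounted disk image (/Volumes/)")
        return "high", reasons
    return "medium", reasons


def detect(events: list[ProcessEvent]) -> dict[int, dict]:
    """Map pid -> {'severity', 'reasons'} for every event that trips a rule."""
    alerts: dict[int, dict] = {}
    for ev in events:
        severity, reasons = score_event(ev)
        if severity is not None:
            alerts[ev.pid] = {"severity": severity, "reasons": reasons}
    return alerts


if __name__ == "__main__":
    for pid, alert in detect(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {alert['severity']}")
        for reason in alert["reasons"]:
            print(f"  - {reason}")
```

On the constructed sample, events 101 and 103 score high (password prompt and keychain archiving, both from a process running off a mounted DMG), event 105 scores medium, and the Safari notification and the unrelated ditto call produce no alert. In a real deployment the rule would be fed from the endpoint product's process-execution stream, and the parent-path check should also consider quarantined downloads in ~/Downloads, since not every lure is delivered as a DMG.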

Conclusion

Cthulhu Stealer’s emergence highlights the importance of cybersecurity vigilance for Mac users. By following best practices and staying informed about potential threats, users can mitigate risks and safeguard their sensitive information. Apple’s proactive approach to enhancing security measures demonstrates a commitment to protecting its users from evolving cyber threats.

References

[1] https://www.techradar.com/pro/security/a-new-macos-data-stealer-is-going-after-apple-users
[2] https://thehackernews.com/2024/08/new-macos-malware-cthulhu-stealer.html
[3] https://www.scmagazine.com/brief/cthulhu-stealer-malware-scams-macos-users-and-its-own-affiliates
[4] https://www.infosecurity-magazine.com/news/cthulhu-stealer-malware-macos/
[5] https://manilastandard.net/news/314488526/new-malware-targeting-macos-poses-as-legitimate-apps-to-steal-sensitive-data.html
[6] https://appleinsider.com/articles/24/08/23/evolved-and-more-powerful-macos-malware-strain-sold-cheaply-to-criminals
[7] https://www.tomsguide.com/computing/malware-adware/new-macos-malware-poses-as-legitimate-apps-to-steal-passwords-crypto-wallets-and-more-how-to-stay-safe
[8] https://www.thetechoutlook.com/news/security/macos-security-at-risk-cthulhu-stealer-malware-targets-apple-users/
[9] https://www.macrumors.com/2024/08/23/cthulu-stealer-macos-malware/
[10] https://securityaffairs.com/167454/malware/cthulhu-stealer-targets-apple-macos.html
[11] https://thecybersecurity.news/general-cyber-security-news/new-macos-malware-cthulhu-stealer-targets-apple-users-data-30589/