A newly discovered cybercrime tool, Cthulhu Stealer [1] [2] [3], has been targeting macOS users by posing as legitimate software programs like CleanMyMac or Grand Theft Auto [3].

Description

This malware-as-a-service (MaaS) offering is distributed as an Apple disk image (DMG) that impersonates a legitimate application. Once launched, it prompts the user for the system password and the MetaMask password, then harvests confidential information including cryptocurrency wallet, game account [1] [3], and browser credentials [3]. Cthulhu Stealer writes the stolen data to a directory, compresses that directory into a zip file [2], and sends the archive to the malware's command-and-control (C2) server [2]. It closely resembles Atomic Stealer, and disputes among the developers suggest that the two variants share a developer.

The Cthulhu Team rents the malware to affiliates for $500 per month [1] [2], but internal conflicts have led to accusations of fraud and to the main developer being expelled from a popular malware marketplace [2]. Despite lacking any standout stealth techniques [3], Cthulhu Stealer has become a prevalent threat worldwide, and the security community's historical disregard for macOS threats has left defenders short of both expertise and tooling.

To guard against Cthulhu Stealer, macOS users should download software only from trusted sources [1] [2], keep security features such as Gatekeeper enabled [1] [2], keep their systems updated, and use reputable antivirus software [1] [2].
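The collection-and-exfiltration sequence described above (stage stolen files in a directory, zip them, send the archive to C2) is the behavioural chain an endpoint detection would key on, independent of any hash or domain. The following is an added example, not code from the original page or from any of the cited reports: a small Python detector that runs over constructed endpoint-telemetry lines and flags a process only when it writes several files into one directory, then writes a zip archive into that same directory, and then opens a network connection. The telemetry format, process paths, directory names and IP addresses are all constructed assumptions for the example; the only macOS fact it relies on is that mounted disk images appear under /Volumes/, which is used to annotate processes launched from a DMG.

```python
import posixpath
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample telemetry (not real logs). Assumed line format:
#   "<timestamp> pid=<pid> <EVENT> <detail>"
# pid 4412 models the staged-zip-then-connect chain from a DMG-launched impostor;
# pid 5100 zips and connects but stages nothing; pid 6200 stages and zips but never connects.
SAMPLE_EVENTS = """\
2024-08-22T10:00:01Z pid=4412 PROCESS_START /Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac
2024-08-22T10:00:02Z pid=4412 FILE_WRITE /Users/Shared/staging/cookies.sqlite
2024-08-22T10:00:02Z pid=4412 FILE_WRITE /Users/Shared/staging/logins.json
2024-08-22T10:00:03Z pid=4412 FILE_WRITE /Users/Shared/staging/wallet.dat
2024-08-22T10:00:03Z pid=4412 FILE_WRITE /Users/Shared/staging/sysinfo.txt
2024-08-22T10:00:04Z pid=4412 FILE_WRITE /Users/Shared/staging/out.zip
2024-08-22T10:00:05Z pid=4412 NET_CONNECT 203.0.113.10:443
2024-08-22T10:01:00Z pid=5100 PROCESS_START /Applications/Backup.app/Contents/MacOS/Backup
2024-08-22T10:01:01Z pid=5100 FILE_WRITE /Users/alice/Backups/docs.zip
2024-08-22T10:01:02Z pid=5100 NET_CONNECT 198.51.100.7:443
2024-08-22T10:02:00Z pid=6200 PROCESS_START /Applications/Editor.app/Contents/MacOS/Editor
2024-08-22T10:02:01Z pid=6200 FILE_WRITE /Users/alice/Project/a.txt
2024-08-22T10:02:01Z pid=6200 FILE_WRITE /Users/alice/Project/b.txt
2024-08-22T10:02:02Z pid=6200 FILE_WRITE /Users/alice/Project/c.txt
2024-08-22T10:02:03Z pid=6200 FILE_WRITE /Users/alice/Project/bundle.zip
"""

EVENT_RE = re.compile(r"^(\S+) pid=(\d+) (\w+) (.+)$")
MIN_STAGED_FILES = 3  # assumption: how many non-archive writes make a directory "staged"


@dataclass
class ProcState:
    exe: str = ""
    # directory -> number of non-archive files written there by this process
    writes_per_dir: Dict[str, int] = field(default_factory=dict)
    # (directory, archive path) of the first zip written into an already-staged directory
    archive: Optional[Tuple[str, str]] = None
    # first outbound connection observed after that archive was written
    connect_after_archive: Optional[str] = None


def parse_event(line: str):
    """Return (timestamp, pid, event, detail) or None for lines that do not match."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ts, pid, event, detail = m.groups()
    return ts, int(pid), event, detail


def analyze(lines, min_staged: int = MIN_STAGED_FILES) -> List[dict]:
    """Flag processes that stage >= min_staged files in a directory, zip it, then connect out."""
    procs: Dict[int, ProcState] = {}
    for line in lines:
        parsed = parse_event(line)
        if parsed is None:
            continue
        _ts, pid, event, detail = parsed
        st = procs.setdefault(pid, ProcState())
        if event == "PROCESS_START":
            st.exe = detail
        elif event == "FILE_WRITE":
            directory = posixpath.dirname(detail)
            if detail.lower().endswith(".zip"):
                # Only a zip written into a directory this process already filled counts.
                if st.archive is None and st.writes_per_dir.get(directory, 0) >= min_staged:
                    st.archive = (directory, detail)
            else:
                st.writes_per_dir[directory] = st.writes_per_dir.get(directory, 0) + 1
        elif event == "NET_CONNECT":
            # Order matters: a connection before the archive exists is not exfiltration of it.
            if st.archive is not None and st.connect_after_archive is None:
                st.connect_after_archive = detail

    findings = []
    for pid, st in procs.items():
        if st.archive and st.connect_after_archive:
            findings.append({
                "pid": pid,
                "exe": st.exe,
                "staging_dir": st.archive[0],
                "archive": st.archive[1],
                "destination": st.connect_after_archive,
                # macOS mounts disk images under /Volumes/, so this marks DMG-launched binaries.
                "launched_from_disk_image": st.exe.startswith("/Volumes/"),
            })
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_EVENTS.splitlines()):
        print(f)
```

The detector deliberately requires all three stages in order, so an ordinary backup tool that zips and uploads (pid 5100) or an editor that bundles a project without talking to the network (pid 6200) is not flagged; the disk-image annotation is an enrichment for the analyst, not a condition, since legitimate installers also run from mounted DMGs.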

Conclusion

The prevalence of Cthulhu Stealer poses a significant threat to macOS users globally. It is crucial for users to take proactive measures to protect their systems and data. By following security best practices and staying informed about emerging cyber threats, users can mitigate the risks associated with malware attacks like Cthulhu Stealer.

References

[1] https://www.infosecurity-magazine.com/news/cthulhu-stealer-malware-macos/
[2] https://islainformatica.com/el-malware-cthulhu-stealer-ataca-macos-con-tacticas-enganosas/
[3] https://www.darkreading.com/threat-intelligence/infostealers-waltz-through-macos-to-grab-crypto-wallets-browser-creds