New macOS Malware Cthulhu Stealer Targets Apple Users with Credential Theft
Overview of Cthulhu Stealer
Cybersecurity researchers have recently identified a new malware targeting Apple macOS users, dubbed Cthulhu Stealer. This information stealer is part of a growing trend of cyber threats aimed at macOS, a platform traditionally considered less vulnerable than Windows or Linux. Cthulhu Stealer is available as malware-as-a-service (MaaS) for $500 a month and has been active since late 2023.
Technical Details
Cthulhu Stealer is distributed as an Apple disk image (DMG) containing binaries for both x86_64 and Arm architectures, allowing it to target a wide range of macOS devices. Written in Golang, the malware masquerades as legitimate software, tricking users into downloading and running it. Some of the programs it impersonates include CleanMyMac, Grand Theft Auto IV, and Adobe GenP, an open-source tool used to bypass Adobe Creative Cloud services.
Once executed, the malware prompts the user to enter their system password, using an osascript-based technique similar to other macOS stealers like Atomic Stealer, Cuckoo, MacStealer, and Banshee Stealer. It then requests the MetaMask password and proceeds to harvest system information, iCloud Keychain passwords (extracted with the open-source keychain-dumping tool Chainbreaker), web browser cookies, and Telegram account information.
The stolen data is compressed into a ZIP file and sent to a command-and-control (C2) server, where it can be used for various malicious purposes, including credential theft and cryptocurrency wallet draining.
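The behaviours described in the two paragraphs above (a script-built password prompt launched by an untrusted binary, reads of the login keychain and browser cookie stores, and a ZIP archive staged just before an outbound connection) are all observable from ordinary endpoint telemetry. The following is an added example of detection logic, written for this page and not code from the article, The Hacker News, or any security vendor. It runs over constructed EDR-style records; the event shape and field names (`type`, `pid`, `ppid`, `exe`, `cmdline`, `signed`, `path`, `op`, `dst`) are assumptions chosen for the example and would need mapping to a real sensor's schema.

```python
"""Heuristic detections for macOS credential-stealer behaviour.

Added example for this page; not code from the article or any vendor.
The telemetry below is constructed and the record schema is an assumption.
"""
import re

# AppleScript's `display dialog ... with hidden answer` draws a masked text
# field, which is what a script-built fake password prompt needs.
HIDDEN_ANSWER = re.compile(r"display\s+dialog.*with\s+hidden\s+answer", re.I | re.S)
CREDENTIAL_WORDS = re.compile(r"password|keychain|metamask|wallet", re.I)

# Credential stores the article says the stealer harvests: the login keychain
# (read by Chainbreaker-style tools) and browser cookie databases.
SENSITIVE_PATHS = (
    "/Library/Keychains/",
    "/Library/Application Support/Google/Chrome/",
    "/Library/Application Support/Firefox/",
    "/Library/Cookies/",
)


def _untrusted(proc):
    """A process launched from a mounted disk image or lacking a valid signature."""
    return proc["exe"].startswith("/Volumes/") or not proc.get("signed", False)


def detect(events):
    """Return findings as (rule, severity, pid) tuples, in event order."""
    procs = {e["pid"]: e for e in events if e["type"] == "process"}
    staged_zip = set()  # pids that have written a .zip archive so far
    findings = []
    for e in events:
        pid = e["pid"]
        proc = procs.get(pid)
        if e["type"] == "process" and e["exe"].endswith("/osascript"):
            # Rule 1: osascript showing a masked-input dialog that talks about passwords.
            if HIDDEN_ANSWER.search(e["cmdline"]) and CREDENTIAL_WORDS.search(e["cmdline"]):
                parent = procs.get(e["ppid"])
                sev = "high" if parent and _untrusted(parent) else "medium"
                findings.append(("osascript_hidden_password_prompt", sev, pid))
        elif e["type"] == "file" and proc and _untrusted(proc):
            # Rule 2: an untrusted process reading keychain or browser credential stores.
            if e["op"] == "read" and any(s in e["path"] for s in SENSITIVE_PATHS):
                findings.append(("untrusted_process_reads_credential_store", "high", pid))
            if e["op"] == "write" and e["path"].lower().endswith(".zip"):
                staged_zip.add(pid)
        elif e["type"] == "net" and pid in staged_zip:
            # Rule 3: the same process connects out after staging an archive.
            findings.append(("zip_staged_then_outbound_connection", "high", pid))
    return findings


# Constructed sample telemetry: one stealer-like chain launched from a DMG
# volume, followed by a benign osascript call from a signed Terminal session.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 501, "ppid": 1, "signed": False,
     "exe": "/Volumes/CleanMyMac/CleanMyMac", "cmdline": "/Volumes/CleanMyMac/CleanMyMac"},
    {"type": "process", "pid": 502, "ppid": 501, "signed": True, "exe": "/usr/bin/osascript",
     "cmdline": "osascript -e 'display dialog \"macOS needs your password to continue\" "
                "default answer \"\" with hidden answer'"},
    {"type": "file", "pid": 501, "op": "read",
     "path": "/Users/alice/Library/Keychains/login.keychain-db"},
    {"type": "file", "pid": 501, "op": "read",
     "path": "/Users/alice/Library/Application Support/Google/Chrome/Default/Cookies"},
    {"type": "file", "pid": 501, "op": "write", "path": "/tmp/collected.zip"},
    {"type": "net", "pid": 501, "dst": "203.0.113.10:443"},  # TEST-NET address, constructed
    {"type": "process", "pid": 600, "ppid": 1, "signed": True,
     "exe": "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal",
     "cmdline": "Terminal"},
    {"type": "process", "pid": 601, "ppid": 600, "signed": True, "exe": "/usr/bin/osascript",
     "cmdline": "osascript -e 'display notification \"Build finished\"'"},
]

if __name__ == "__main__":
    for rule, severity, pid in detect(SAMPLE_EVENTS):
        print(f"[{severity}] pid={pid} {rule}")
```

Rule 1 is scored by the parent: a masked-input dialog spawned by a signed, installed application is worth a look, while one spawned by a binary still running from a mounted disk image matches the delivery chain the article describes. Rule 3 deliberately keys on the same pid for the archive write and the connection; a stealer that hands the archive to a separate uploader would need the parent-child relationship tracked as well.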
Threat Landscape
Cthulhu Stealer is part of a broader trend of increasing macOS-targeted malware, which has prompted Apple to enhance its security measures. In the upcoming macOS Sequoia update, Apple plans to tighten security by disabling the ability to bypass Gatekeeper protections through Control-click, requiring users to manually review security information in System Settings before running unsigned or unnotarized software.
Despite its capabilities, Cthulhu Stealer is not particularly sophisticated and lacks advanced anti-analysis techniques. The developer behind the malware has reportedly been banned from cybercrime marketplaces due to disputes with affiliates, leading to accusations of an exit scam.
Mitigation and Prevention
Although threats to macOS remain less prevalent than those targeting Windows and Linux, users should remain vigilant. It is strongly recommended to:
- Download software only from trusted sources.
- Avoid installing unverified apps.
- Keep systems updated with the latest security patches.
- Be cautious when prompted to enter system passwords, especially when dealing with unsigned software.
Source: thehackernews.com