Mac Users Warned Over Malware Cthulhu Stealer Targeting Crypto Wallets
Apple Mac users are being alerted to a new strain of malware called Cthulhu Stealer, which poses a major threat by targeting popular cryptocurrency wallets. This malware is designed to steal personal information and access crypto wallets from well-known platforms like MetaMask, Coinbase, Binance, and several others.
A Growing Threat to Mac Users
For years, the general belief has been that macOS systems aren’t affected by most forms of malware. However, this belief is rapidly changing as cybersecurity experts report an increasing trend in macOS malware.
“While macOS has a reputation for being secure, macOS malware has been trending up in recent years,” stated Cado Security.
Cthulhu Stealer is distributed as an Apple disk image (DMG) that disguises itself as legitimate software, such as CleanMyMac and Adobe GenP. Once the file is opened, the malware uses the macOS command-line tool to run AppleScript and JavaScript, prompting users to enter their passwords.
After this initial breach, the malware requests the password for popular Ethereum wallets like MetaMask. It also targets other crypto wallets, such as Coinbase, Wasabi, Electrum, Atomic, Binance, and Blockchain Wallet.
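One way a defender could hunt for the password-prompt behaviour described above, as an added example that is not from the original article or from Cado's research. It assumes the command-line tool is `osascript`, that process-exec telemetry is available with the hypothetical fields `pid`, `ppid`, `path` and `args`, and that disk images mount under `/Volumes/`; the events are constructed.

```python
import os
import re

# Constructed process-exec events (not real telemetry); field names are assumed.
SAMPLE_EVENTS = [
    {"pid": 410, "ppid": 1, "path": "/Volumes/Cleaner/Cleaner.app/Contents/MacOS/Cleaner", "args": []},
    {"pid": 411, "ppid": 410, "path": "/usr/bin/osascript",
     "args": ["-e", 'display dialog "Enter your password" default answer "" with hidden answer']},
    {"pid": 500, "ppid": 1, "path": "/Applications/Backup.app/Contents/MacOS/Backup", "args": []},
    {"pid": 501, "ppid": 500, "path": "/usr/bin/osascript",
     "args": ["-e", 'display notification "Backup finished"']},
    {"pid": 600, "ppid": 1, "path": "/Applications/Setup.app/Contents/MacOS/Setup", "args": []},
    {"pid": 601, "ppid": 600, "path": "/usr/bin/osascript",
     "args": ["-l", "JavaScript", "-e",
              "app.displayDialog('Password', {defaultAnswer: '', hiddenAnswer: true})"]},
]

# A scripted dialog that masks its input field is how a script asks for a password.
DIALOG = re.compile(r"display\s*dialog", re.IGNORECASE)   # AppleScript and JavaScript forms
HIDDEN = re.compile(r"hidden\s*answer", re.IGNORECASE)


def launched_from_disk_image(event, by_pid):
    """True if any known ancestor process was executed from a mounted volume."""
    seen = set()
    parent = by_pid.get(event["ppid"])
    while parent and parent["pid"] not in seen:
        if parent["path"].startswith("/Volumes/"):
            return True
        seen.add(parent["pid"])
        parent = by_pid.get(parent["ppid"])
    return False


def detect(events):
    """Return (pid, severity) for each osascript run that shows a hidden-input dialog."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if os.path.basename(e["path"]) != "osascript":
            continue
        script = " ".join(e["args"])
        if DIALOG.search(script) and HIDDEN.search(script):
            severity = "high" if launched_from_disk_image(e, by_pid) else "medium"
            findings.append((e["pid"], severity))
    return findings


if __name__ == "__main__":
    for pid, severity in detect(SAMPLE_EVENTS):
        print(f"pid={pid} severity={severity}")
```

Legitimate installers also show scripted password dialogs, so the "medium" result is a triage signal; the disk-image ancestry is what raises it to "high".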
The stolen information is stored in text files, and the malware further fingerprints the victim’s system to gather additional data such as IP address and operating system version.
“The main functionality of Cthulhu Stealer is to steal credentials and cryptocurrency wallets from various stores, including game accounts,” explained Cado researcher Tara Gould.
Cthulhu Stealer’s Origin
Cthulhu Stealer shares significant similarities with Atomic Stealer, another malware identified in 2023 that also targeted Apple computers.
Mac Users Beware: Malvertising Campaign Spreads Atomic Stealer macOS Malware https://t.co/Y7UT7UXVtz
— Nicolas Krassas (@Dinosn) September 7, 2023
According to Gould, this indicates that the developer of Cthulhu Stealer “probably took Atomic Stealer and modified the code.”
The malware has been made available to affiliates for rent at $500 monthly through the Telegram messaging platform, where profits from successful deployments are shared with the main developer.
However, the operations behind Cthulhu Stealer appear to have hit a snag. The scammers are reportedly no longer active following disputes over payments that have led to accusations of an exit scam by affiliates.
In response to the growing threat, Apple acknowledged the increasing risk of malware targeting its operating systems.
On August 6, 2024, the tech giant announced an update to its next-generation macOS version, which makes it slightly more challenging for users to override Gatekeeper protections that ensure only trusted applications can run on the system.