New macOS Malware “Cthulhu Stealer” Targets Apple Users’ Data

Cracked macOS Finder icon with green malware inside.

Cybersecurity researchers have uncovered a new macOS malware, named “Cthulhu Stealer,” that poses a significant threat to Apple users. This malware, which has been circulating since late 2023, is available under a Malware-as-a-Service (MaaS) model, priced at $500 per month. It is capable of targeting both x86_64 and Arm architectures, marking a concerning development for macOS users.


How “Cthulhu Stealer” Works

The Cthulhu Stealer disguises itself as legitimate software, often imitating popular programs like CleanMyMac, Grand Theft Auto IV, and Adobe GenP. Once a user bypasses Apple’s Gatekeeper protections and runs the malware, it prompts them to enter their system password. This initial step is followed by a request for their MetaMask password. The malware then harvests sensitive information, including iCloud Keychain passwords, web browser cookies, and Telegram account details. All of this stolen data is compressed into a ZIP file and sent to a remote command-and-control (C2) server.

Cracked macOS Finder icon with green malware inside.

Prevention and Response

Although macOS threats are less common than those targeting Windows and Linux, the rise of Cthulhu Stealer serves as a reminder for Apple users to exercise caution. Experts recommend downloading software only from trusted sources and avoiding unverified apps. Keeping macOS up-to-date with the latest security updates is also crucial. In response to increasing threats, Apple has announced upcoming changes in macOS Sequoia, which will further tighten security by limiting the ability to override Gatekeeper protections.


SOURCES:The Hacker News
Share This Article