Mac Users at Risk: Cthulhu Stealer Malware Targets Crypto Wallets

The new Mac malware, "Cthulhu Stealer," targets crypto wallets and mimics legitimate software to deceive users.
Voice of Crypto, Crypto Scams, Crypto
Published on

Key Insights

  • A new malware variant called Cthulhu Stealer is targeting Apple Mac users and is stealing crypto wallet credentials, among other things.

  • It disguises itself as legitimate software to trick them into downloading and opening it.

  • Once installed, Cthulhu Stealer requests user passwords and then gets to work by cracking crypto wallets.

  • Interestingly, this stealer is similar to the Atomic Stealer malware from 2023.

  • To be safe, never download software from unidentified sources.

There is a new crypto threat in town, and it appears that crypto wallet contents are no longer safe.

This issue is from a malware called "Cthulhu Stealer".

According to cybersecurity firm Cado Security, the so-called Cthulhu stealer is designed to infect macOS computers, steal user information and possibly drain crypto wallets.

If you own a Mac or know someone who does, here’s everything to know.

The Rise of macOS Malware

MacOS has a long-standing reputation for being a secure operating system, and Apple sells thousands of it annually.

However, recent trends have suggested that the concept of security isn't a "one size fits all" topic.

According to insights from a recent report from the cybersecurity firm Cado Security, the number of malware variants targeting macOS computers has been on the rise.

In particular, Cthulhu Stealer is the latest example.

An analysis of Cthulhu stealer

An analysis of Cthulhu stealer

Cado says that this malware is a Trojan that disguises itself as legitimate software, like CleanMyMac or Adobe GenP, in the form of an Apple disk image (DMG).

This outward appearance tricks users into downloading and opening them—and once the user does so, they are prompted to enter their password through macOS’s command-line tool (mimicking normal system behaviour).

If the user takes the bait, the malware gets to work and asks for a second password. This password specifically targets popular crypto wallets like MetaMask.

Other wallets include Coinbase, Wasabi, Electrum, Atomic and even Binance.

Cthulhu stealer then steals data like IP addresses, emails, and operating system versions and stores them in text files that the attackers can then use.

Similarities with Atomic Stealer and Cybercrime Tactics

Cado also highlights that Cthulhu is very similar to another kind of Trojan called Atomic Stealer, which first appeared as another apple threat in 2023.

The security firm notes that the developer behind Cthulhu Stealer (likely the same person(s)) likely modified the original virus to create this new variant.

In essence, this means that if one variant can be created, then a dozen or even a hundred can—which is a worrying trend.

The firm also notes that the software is available for sale on Telegram to anyone with $500 to pay per month.

Interestingly, the developers of this malware are likely more than a single person, and disputes over how to share the revenue have caused the main scammers to disband in what looks like an exit scam within the cybercriminal community.

Another sophisticated variant of this stealer software includes AMOS (which clones the Ledger Live software).

Overall, Cado's report mentions the importance of safety in crypto and the dangers of downloading software from unfamiliar sources.

Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information but will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.

Related Stories

No stories found.
Voice Of Crypto
voiceofcrypto.online