Apple's Macs are not targeted by hackers as much as Windows PCs, but that doesn't mean they are impenetrable. Security researchers recently discovered a malware named Cthulhu Stealer. This malware steals passwords and data from macOS users by impersonating popular apps.
As first reported by The Hacker News, Cado Security issued a public warning this week regarding “Cthulhu Stealer,” a malware-as-a-service targeting macOS users that was launched in late 2023 and sells for $500 per month. The malware is written in Golang and poses as legitimate software.
It poses as software such as CleanMyMac, Grand Theft Auto IV, or Adobe GenP in order to trick users into installing it. The malware is packaged as a disk image (DMG) file containing two binaries and can attack both Intel and Apple Silicon Macs, depending on which architecture it detects.
When a user attempts to open a fake app, Gatekeeper, a built-in security feature of macOS, warns that the software is unsigned. If the user chooses to bypass Gatekeeper's protection and let it run anyway, an otherwise legitimate-looking prompt for a system password will appear, followed by a second prompt for the MetaMask cryptocurrency wallet. Once the necessary permissions are granted, Cthulhu Stealer can siphon off a wide range of sensitive data, including passwords stored in the iCloud Keychain, web browser cookies, and Telegram account information.
“Cthulhu Stealer's primary function is to steal credentials and cryptocurrency wallets from various stores, including gaming accounts,” Gould explained. This is an osascript-based technique that has been seen before in information stealers and other malware such as Atomic Stealer, Cuckoo, MacStealer, and Banshee Stealer. However, even if Cthulhu Stealer is not the most sophisticated malware, it remains a serious threat to Mac users who may stumble into this trap.
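Detection logic for the osascript-driven password prompt described above, as an added example that is not from Cado Security's report or from this article. It assumes a hypothetical JSON process-event schema (`pid`, `ppid`, `path`, `args`) and that the prompt is raised with AppleScript's `display dialog ... with hidden answer`; the sample events are constructed.

```python
import json
import re

# Constructed sample process-execution events (hypothetical schema, not real telemetry).
SAMPLE_EVENTS = """\
{"pid": 410, "ppid": 1, "path": "/Applications/Safari.app/Contents/MacOS/Safari", "args": []}
{"pid": 733, "ppid": 1, "path": "/Volumes/Installer/Fake.app/Contents/MacOS/Fake", "args": []}
{"pid": 734, "ppid": 733, "path": "/usr/bin/osascript", "args": ["-e", "display dialog \\"Enter password\\" default answer \\"\\" with hidden answer"]}
{"pid": 801, "ppid": 410, "path": "/usr/bin/osascript", "args": ["-e", "display notification \\"Download complete\\""]}
{"pid": 900, "ppid": 899, "path": "/usr/bin/osascript", "args": ["-e", "display dialog \\"PIN\\" default answer \\"\\" with hidden answer"]}
"""

# AppleScript dialog that masks typed input, i.e. a password-style prompt.
HIDDEN_PROMPT = re.compile(r"display\s+dialog\b.*\bhidden\s+answer\b", re.I | re.S)


def find_password_prompts(log_text):
    """Return osascript executions that open a hidden-answer dialog.

    Severity is "high" when the parent process runs from a mounted disk
    image (/Volumes/...), matching the DMG delivery described in the article,
    and "medium" otherwise, including when the parent was never seen.
    """
    seen = {}       # pid -> executable path, built as events arrive
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        seen[event["pid"]] = event["path"]
        if not event["path"].endswith("/osascript"):
            continue
        if not HIDDEN_PROMPT.search(" ".join(event["args"])):
            continue
        parent = seen.get(event["ppid"])  # None if the parent is missing from the log
        from_dmg = parent is not None and parent.startswith("/Volumes/")
        findings.append({
            "pid": event["pid"],
            "parent": parent,
            "severity": "high" if from_dmg else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in find_password_prompts(SAMPLE_EVENTS):
        print(finding)
```
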
So what can you do to best protect your Mac from malware like Cthulhu Stealer? First of all, be wary of the apps you download and make sure you know exactly who the download source is. Macs have built-in antivirus software called XProtect, but it is recommended that you use Mac antivirus software in conjunction with it. Paid antivirus software is updated more regularly and often adds a VPN or password manager to help you stay safe online.
Apple is also working on making it more difficult to bypass Gatekeeper's protection in macOS Sequoia, which will be released in mid-September. At present, you can dismiss Gatekeeper's warnings by holding down the Control key and clicking. In Sequoia, allowing the execution of unsigned software must instead be done through the system settings. Hopefully the hassle of taking the extra step will be enough of a deterrent to make users think twice before running potentially dangerous apps.