Cthulhu Stealer: A New Malware Threat for macOS
Cthulhu Stealer has emerged as a new malware threat for macOS users. This article explores how Cthulhu Stealer operates, its symptoms, and ways to protect yourself.
Cado Security’s cybersecurity experts have discovered a new information-stealing malware targeting Apple’s macOS operating system. Called Cthulhu Stealer, it can steal a range of sensitive data from users, including system information, iCloud Keychain passwords (extracted with an open-source tool called Chainbreaker), other login credentials, web browser cookies, and Telegram account information.
Cthulhu Stealer prompts its victims to enter their system passwords and login credentials for the popular MetaMask cryptocurrency wallet. Cado Security’s researchers state in their report: “The main function of Cthulhu Stealer is to steal credentials and cryptocurrency wallets from various online stores, including gaming accounts.” They also add, “Cthulhu Stealer’s functionality and features show a great similarity to another malware called Atomic Stealer; this suggests that the developer of Cthulhu Stealer has likely taken the code of Atomic Stealer and made modifications.”
Since the malware requires victims to explicitly accept terms of service, users are likely to accept these terms, as they generally expect the software to be legitimate. The Cthulhu malware, which reportedly costs $500 per month and works on both x86_64 and Arm architectures, compresses the data it collects into a .ZIP archive and sends it to a command and control (C2) server through unknown means.
Fortunately, this malware is not excessively advanced and can likely be detected by most of today’s top antivirus software. However, it is crucial for users to be cautious and exercise care when downloading unknown software.