Cado Security recently issued a warning to Apple Mac users about a new malware variant named “Cthulhu Stealer” that aims to steal personal information and target cryptocurrency wallets. Despite macOS having a reputation for being secure, macOS malware has increased in recent years. Cthulhu Stealer disguises itself as legitimate software, such as CleanMyMac or Adobe GenP, and is delivered as an Apple disk image (DMG). Once users download and open the file, they are prompted to enter their password through macOS’s command-line tooling, which ultimately leads to the theft of personal information and the targeting of cryptocurrency wallets, in particular the Ethereum wallet MetaMask. Other popular crypto wallets at risk include those from Coinbase, Wasabi, Electrum, Atomic, Binance, and Blockchain Wallet.
The main functionality of Cthulhu Stealer is to gather credentials and cryptocurrency wallets from various sources, including game accounts. The malware stores the stolen data in text files and collects information about the victim’s system, such as IP address and operating system version. Cado Security researcher Tara Gould noted that Cthulhu Stealer bears similarities to another malware family, Atomic Stealer, discovered in 2023 targeting Apple computers; the developer of Cthulhu Stealer is believed to have modified Atomic Stealer’s code to create this new strain. The malware was reportedly rented out to affiliates for $500 per month through the Telegram messaging platform, with profits shared among the developers. However, disputes over payments led to accusations of an exit scam, and the main operators have since disappeared.
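The article describes the infection chain only at a high level: an app delivered in a DMG asks the user for their password through macOS’s command-line tooling. The following is an added detection example, not code from the article or from Cado Security. It assumes (this is an assumption, not something the page states) the common stealer pattern of an AppleScript `display dialog ... with hidden answer` prompt launched via `osascript` by a binary running from a DMG mounted under `/Volumes`, and it runs over constructed process-execution records shaped like a generic EDR process log; field names would need adapting to a real telemetry source.

```python
"""Added example (not from the article or Cado Security): flag process
events that match a fake-password-prompt pattern used by macOS stealers.

Assumptions not stated on the page: the prompt is an AppleScript
`display dialog` with `with hidden answer`, executed via osascript, and the
parent process is an app launched from a DMG mounted under /Volumes.
The event records below are constructed sample data, not real telemetry."""
import re
from dataclasses import dataclass
from typing import Dict, List

# A hidden-answer dialog is how AppleScript hides typed input (a password field).
HIDDEN_ANSWER = re.compile(r"display\s+dialog.*with\s+hidden\s+answer", re.I | re.S)
PASSWORD_WORD = re.compile(r"password", re.I)
# Apps opened straight from a disk image run from a mount point under /Volumes.
MOUNTED_DMG = re.compile(r"^/Volumes/")


@dataclass
class ProcEvent:
    """One process-execution record (hypothetical schema)."""
    pid: int
    ppid: int
    exe: str       # path of the executable
    cmdline: str   # full command line


def is_fake_password_prompt(ev: ProcEvent, by_pid: Dict[int, ProcEvent]) -> bool:
    """True when osascript shows a password-style hidden-answer dialog and its
    parent process is running from a mounted DMG. Requiring the DMG parent
    keeps legitimate admin scripts run from Terminal from being flagged."""
    if not ev.exe.endswith("/osascript"):
        return False
    if not (HIDDEN_ANSWER.search(ev.cmdline) and PASSWORD_WORD.search(ev.cmdline)):
        return False
    parent = by_pid.get(ev.ppid)
    return parent is not None and MOUNTED_DMG.match(parent.exe) is not None


def triage(events: List[ProcEvent]) -> List[int]:
    """Return the PIDs of events matching the fake-password-prompt pattern."""
    by_pid = {e.pid: e for e in events}
    return [e.pid for e in events if is_fake_password_prompt(e, by_pid)]


# Constructed sample events: one DMG-launched app spawning a hidden-answer
# password dialog (should be flagged), plus two benign osascript uses.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "/Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac",
              "/Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac"),
    ProcEvent(101, 100, "/usr/bin/osascript",
              'osascript -e \'display dialog "macOS needs your password to continue." '
              'default answer "" with hidden answer\''),
    ProcEvent(200, 1, "/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal",
              "/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal"),
    ProcEvent(201, 200, "/usr/bin/osascript",
              'osascript -e \'display dialog "Backup finished"\''),
    # An admin's own script prompting from Terminal: same dialog, non-DMG parent.
    ProcEvent(300, 200, "/usr/bin/osascript",
              'osascript -e \'display dialog "Enter password" default answer "" with hidden answer\''),
]

if __name__ == "__main__":
    print("suspicious pids:", triage(SAMPLE_EVENTS))
```

The parent-process check is the part worth tuning: on its own, a hidden-answer dialog mentioning “password” is noisy, since administrators and legitimate installers use the same AppleScript feature, but a password prompt coming from an app that is still running off a mounted disk image is much closer to the behaviour the article describes.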
In a separate incident, a Florida woman named Maria Vaca has filed a lawsuit against Google, alleging that the tech giant’s negligence resulted in her losing over $5 million. Vaca claims she was deceived by a crypto investment app called Yobit Pro, which she downloaded from the Google Play Store. Google has previously sued two developers for creating 87 fraudulent apps that scammed over 100,000 users, including 8,700 U.S. residents, although Yobit Pro was not mentioned in that lawsuit. Fraudulent apps of this kind typically entice users with promises of high returns, then demand additional payments under the guise of taxes or fees while never allowing users to withdraw their funds. Separately, Google has introduced a feature that lets users look up wallet balances on various blockchains, including Bitcoin, Arbitrum, Avalanche, Optimism, Polygon, and Fantom.
As a response to the rise of threats like Cthulhu Stealer and the AMOS malware, which clones Ledger Live software, Apple has announced updates to its macOS to make it more challenging for users to circumvent Gatekeeper protections. These protections are designed to ensure that only trusted applications are executed on Apple devices. Companies like Cado Security play a crucial role in identifying and warning users about potential cybersecurity threats targeting Apple Mac users. It is important for individuals to remain vigilant and take necessary precautions to protect their personal information and cryptocurrency wallets from malicious attacks. The evolving landscape of cybersecurity requires continuous efforts by tech companies, security firms, and individual users to stay ahead of cyber threats and maintain a secure digital environment.