Warning for Mac Users: Malware Posing as Popular Apps Could Steal Your Passwords and Crypto Wallets
Cybersecurity researchers have discovered a new strain of malware that targets macOS and is designed to steal sensitive user data.
The Hacker News website reported that the malware, called Cthulhu Stealer, imitates popular apps to trick users and obtain system passwords, passwords stored in Apple’s iCloud Keychain password-retention service, cryptocurrency wallets, and more.
The report indicated that Cthulhu Stealer has been available since late 2023 as a paid service costing cyber-attackers $500 per month, and that its effectiveness lies in how well it disguises itself as legitimate software.
Security researcher Ravi Lakshmanan said that some of the programs that this malware impersonates include CleanMyMac, Grand Theft Auto IV, and Adobe GenP, an open-source tool used to activate Adobe applications without the need for a serial key.
Users who bypass Gatekeeper protection and choose to run the unofficial file are prompted to enter their system password, and are then asked to enter their MetaMask digital wallet password.
The Cthulhu Stealer malware is designed to collect system information and extract iCloud Keychain passwords using an open-source tool called Chainbreaker.
The malware compresses the stolen data, which also includes browser cookies and Telegram account information, and stores it in a ZIP file, which is then sent to a third-party server.
Although the people behind Cthulhu Stealer are no longer active, the malware can still cause serious damage if it falls into the hands of other malicious users.
Mac users typically don’t face the same level of threats as users of Windows and Linux systems. However, Cthulhu Stealer appears designed to exploit the sense of security that macOS sometimes provides.
Many Mac users routinely bypass Gatekeeper protection, and Apple is trying to change that with macOS Sequoia. The fact remains, however, that impersonating well-known apps can be an effective way for malware to infiltrate Mac systems and steal users’ data.
To stay protected against these threats, users should download apps only from the Mac App Store, other reputable third-party platforms, or the official websites of well-known developers.
Protect Yourself from Cthulhu Stealer Malware
Mac users, beware! Although the creators of Cthulhu Stealer malware may no longer be active, the threat is far from gone. This dangerous malware can still wreak havoc if used by other malicious actors, targeting your passwords, crypto wallets, and sensitive information.
Many Mac users mistakenly assume their systems are safer than others, like Windows or Linux, but Cthulhu Stealer exploits this false sense of security. It impersonates popular apps to bypass protections and infiltrate your system.
To safeguard your device and personal data, follow these precautions:
- Never bypass Gatekeeper protection: Apple’s built-in defense helps block unauthorized apps.
- Download apps only from trusted sources: Use the Mac App Store, reputable third-party platforms, or official developer websites to ensure app legitimacy.
- Stay updated: Apple is working to enhance security with the upcoming macOS Sequoia, but vigilance is key to staying protected.
Protect your privacy and security—be cautious of the apps you download and stay vigilant against malware threats!
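One way to act on the Gatekeeper and trusted-source precautions above before opening a downloaded app, as an added example that is not part of the original article: a shell script that uses the stock macOS `spctl` tool to confirm Gatekeeper is enabled and to classify its assessment of an app. The app paths, the verdict labels, and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-launch Gatekeeper check for a downloaded macOS app.
# Assumes macOS with the built-in spctl tool; usage: ./check_app.sh /path/to/App.app

# Constructed sample spctl outputs (not captured from a real system).
SAMPLE_NOTARIZED='/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)'
SAMPLE_DEVID='/Applications/Example.app: accepted
source=Developer ID'
SAMPLE_REJECTED='/Users/me/Downloads/Installer.app: rejected'

# Succeeds only if `spctl --status` output says assessments are enabled.
gatekeeper_enabled() {
    case "$1" in
        *"assessments enabled"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify `spctl --assess --type execute -vv` output.
# Prints "trusted", "accepted-review" (accepted, but not from a source
# this script recognises as notarized or Apple-distributed), or "rejected".
classify_assessment() {
    first=$(printf '%s\n' "$1" | head -n 1)
    src=$(printf '%s\n' "$1" | sed -n 's/^source=//p' | head -n 1)
    case "$first" in
        *": accepted")
            case "$src" in
                "Notarized Developer ID"|"Apple System"|"Mac App Store") echo "trusted" ;;
                *) echo "accepted-review" ;;
            esac ;;
        *) echo "rejected" ;;   # fail closed on anything unexpected
    esac
}

# Run both checks against a real app bundle (macOS only).
check_app() {
    if ! gatekeeper_enabled "$(spctl --status 2>&1)"; then
        echo "Gatekeeper is disabled; do not open $1" >&2
        return 2
    fi
    result=$(classify_assessment "$(spctl --assess --type execute -vv "$1" 2>&1)")
    echo "$1: $result"
    [ "$result" = "trusted" ]
}

[ "$#" -eq 0 ] || check_app "$1"
```

A "rejected" or "accepted-review" result for something that claims to be a well-known app is a reason to delete the download and fetch it again from the developer's official site or the Mac App Store.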