A $500-a-month malware dubbed \'Cthulhu Stealer\' targets macOS users and steals sensitive data

A new information-stealing malware targeting Apple macOS users has been exposed by cybersecurity researchers. Referred to as "Cthulhu Stealer", it first became available as a malware-as-a-service (MaaS) offering for $500 per month in late 2023. MaaS lets individuals with limited technical skills engage in cyberattacks. Notable examples of MaaS platforms include Blackshades, Zeus, Nymaim, and Emotet, which have been used to launch various types of attacks, such as banking Trojans, botnets, and ransomware.

Cthulhu Stealer is a disguised Apple disk image (DMG) file that contains two binaries, depending on the system architecture. The malware is written in Golang and impersonates verified software/apps, such as CleanMyMac, Grand Theft Auto IV, and Adobe GenP.

Users who fall victim are prompted to enter their system password and MetaMask password. Cthulhu Stealer also harvests system information, iCloud Keychain passwords, web browser cookies, and Telegram account information. This stolen data is then compressed, stored in a ZIP archive file, and exfiltrated to a command-and-control (C2) server. C2 servers have often been used in the past to distribute malicious software. The SolarWinds 2020 CyberAttack is one such example, where the software supply chain of the tech company was compromised.

The malware mainly steals credentials and cryptocurrency wallet info from various online accounts. As per reports, the individuals responsible for developing and distributing Cthulhu Stealer are no longer active in the cybercrime landscape. This is likely due to internal disputes within their organization and accusations of fraudulent activities, leading to a permanent ban.

To protect themselves, users are advised to download software only from trusted sources, avoid installing unverified apps, and keep their systems up-to-date with the latest security updates. Apple has also announced plans to add additional security measures in macOS Sequoia to prevent users from easily overriding Gatekeeper protections.

The above is the detailed content of A $500-a-month malware dubbed \'Cthulhu Stealer\' targets macOS users and steals sensitive data. For more information, please follow other related articles on the PHP Chinese website!