Users Using MacOS Are the Target of Complex Malware
In contrast to Windows users, Mac users have historically felt less susceptible to viruses; nonetheless, a new threat has surfaced. According to recent study, there is malware on macOS that poses as well-known programs with the intention of stealing cryptocurrency wallets and login data. This clever attack technique draws attention to a growing cybersecurity risk among macOS users.
Presenting Cthulhu Stealer
Cthulhu Stealer is a new type of malware-as-a-service (MaaS) that was discovered by Cado Security recently. From compromised computers, this malware can retrieve a variety of private data, such as browser cookies, crypto wallet data, stored passwords, and Telegram account information. The malware was discovered for the first time in late 2023, and hackers may purchase it for $500 a month on the black web, making it a useful tool.
Channels of Distribution and Sales
According to Cado Security, Cthulhu Stealer was advertised on two well-known malware markets, which operate as focal points for the exchange, promotion, and sale of these kinds of harmful programs. The malware was also promoted via Telegram. This distribution strategy highlights the malware’s extensive reach and well-planned marketing.
Deceitful Strategies for Contamination
Malware gains access to systems by impersonating trustworthy apps. Examples of malware disguises given by Cado were CleanMyMac, Grand Theft Auto IV (which is probably a typo for VI), and Adobe GenP. When users try to install these seemingly harmless programs, Apple’s Gatekeeper—a security system intended to prevent harmful downloads—may alert them with warnings. In the event that users disregard these alerts, Cthulhu Stealer poses as trustworthy software and asks for the system password, which it exploits to gain access to and steal confidential information.
Comparison with Prior Malware
As far as Cado is concerned, Atomic Stealer, which was offered for $1,000 a month on Telegram last year, functions a lot like Cthulhu Stealer. Similar powers were possessed by Atomic Stealer, which could access system data and keychain passwords on a Mac. Given the similarities, it is likely that the makers of Cthulhu Stealer altered Atomic Stealer’s code to produce their own strain of malware.
As of Right Now, the Malware Operation
The Cthulhu Team, the gang responsible for the malware, seems to be dormant for now, according to Cado Security. Part of the reason for this drop in activity is the discontent expressed by affiliates who used the Cthulhu Stealer service and complained about payment problems. This suggests that intrinsic problems with the malware’s operation may be affecting its efficacy and scope.
