- How Cthulhu Stealer Works?
- Similarities with Other Malware
- Current Situation with Cthulhu Stealer
A new strain of malware named Cthulhu Stealer is targeting Apple Mac users, capable of extracting personal information and accessing crypto wallets.
How Cthulhu Stealer Works?
The new malware appears as an Apple Disk image, disguising itself as legitimate applications like CleanMyMac or Adobe GenP. Users who open the malicious file are prompted to enter their system’s password, followed by a prompt for their MetaMask wallet password. It also targets other popular wallets installed on the device, including Coinbase, Wasabi, Electrum, Binance, Atomic, and Blockchain Wallet. The malware gathers information such as the device’s IP address and operating system, storing the stolen data in text files.
Similarities with Other Malware
Cybersecurity firm Cado Security identified similarities between Cthulhu Stealer and a malware called Atomic Stealer discovered in 2023. Both are designed to steal crypto wallet information, browser credentials, and keychain information.
Current Situation with Cthulhu Stealer
Cthulhu Stealer is being rented out on Telegram to affiliates for $500 per month. The lead developer also takes a percentage of the profits from every successful deployment. However, the scammers behind the malware seem to have become inactive due to disputes over payments, leading to accusations of an exit scam by affiliates.
The new Cthulhu Stealer malware poses a significant threat to Apple Mac users by stealing personal information and targeting popular crypto wallets. Users are advised to be cautious of suspicious files and not to enter their passwords on dubious sites.
