Are you a macOS user with crypto holdings? You might think you’re safe, but a new threat has emerged from the depths of the internet: Cthulhu Stealer. This malware targets macOS, stealing crypto from popular wallets like MetaMask and Binance. Don’t let your digital assets become a victim – read on to learn how it works and how to protect yourself.
Cthulhu Stealer: macOS’s Crypto Nightmare
- Cthulhu Stealer, a new malware, targets macOS, stealing crypto from wallets like MetaMask and Binance.
- Disguised as legitimate apps, it tricks users into entering passwords, accessing Keychain, and stealing data.
- Scammers charge $500/month for this malware, promoting it via Telegram and targeting users with fake job offers.
Cado Security’s discovery has thoroughly debunked the belief that macOS systems are impervious to malware. This revelation concerns a new malware-as-a-service (MaaS) called “Cthulhu Stealer,” which targets macOS users through deceptive means.
The rise of Cthulhu Stealer indicates that no system is completely secure against cyber threats.
How Does Cthulhu Stealer Snatch Your Crypto?
Cthulhu Stealer disguises itself as legitimate applications such as CleanMyMac, Adobe GenP, and even a fake early release of “Grand Theft Auto VI.” This makes it tricky to spot!
Once a user downloads and mounts the malicious DMG file, the malware prompts them to enter their system and MetaMask passwords. This is the first step in the deception.
After you enter your credentials, the malware uses osascript, a legitimate macOS tool, to extract passwords directly from your system’s Keychain. This is where things get serious.
This stolen data, including details from crypto wallets like MetaMask, Coinbase, and Binance, is compiled into a zip archive. The archive is named with your country code and the time of the attack, making it easy for the attackers to organize their loot.
But Cthulhu Stealer doesn’t stop there! It also steals data from a wide range of other platforms, including:
- Chrome extension wallets
- Minecraft user information
- Wasabi wallet
- Keychain passwords
- SafeStorage passwords
- Battlenet game, cache, and log data
- Firefox cookies
- Daedalus wallet
- Electrum wallet
- Atomic wallet
- Harmony wallet
- Electrum wallet
- Enjin wallet
- Hoo wallet
- Dapper wallet
- Coinomi wallet
- Trust wallet
- Blockchain wallet
- XDeFi wallet
- Browser cookies
- Telegram Tdata account information
The malware also grabs detailed system information like your IP address, system name, and OS version. This data is sent to a command and control (C2) server, giving the attackers even more information to exploit.
Scammers are using social engineering tactics to trick victims into installing the malware. For example, some pose as employers offering fake jobs that require downloading software to track working hours. These offers often come with a false sense of urgency, pressuring victims to download the application quickly.
Cthulhu Stealer: A $500/Month Malware-as-a-Service
The developers and affiliates behind Cthulhu Stealer, known as the Cthulhu Team, are using Telegram to manage their operations. This makes it easy for them to coordinate attacks and distribute the malware.
According to Cado Security: “The stealer appears to be being rented out to individuals for $500/month, with the main developer paying out a percentage of earnings to affiliates based on their deployment. Each affiliate of the stealer is responsible for the deployment of the malware. Cado has found Cthulhu stealer sold on two well-known malware marketplaces which are used for communication, arbitration and advertising of the stealer, along with Telegram.”
How to Protect Yourself from Cthulhu Stealer
So, how can you protect yourself from this nasty piece of malware? Here are a few key steps:
- Install reputable antivirus software: Make sure you have a good antivirus program specifically designed for macOS. Keep it updated.
- Be wary of suspicious job offers: Don’t download software from unverified sources, especially if the offer seems too good to be true.
- Keep your software up to date: Regular software updates patch security vulnerabilities that malware can exploit.
- Enable Two-Factor Authentication (2FA): Add an extra layer of security to your crypto wallets and other important accounts.
- Use strong, unique passwords: Avoid reusing passwords across multiple accounts.
Cthulhu Stealer is a serious threat to macOS users, especially those involved in the crypto world. By staying informed and taking proactive steps to protect your system, you can significantly reduce your risk of becoming a victim.
Disclaimer: The information provided is not trading advice, Bitcoinworld.co.in holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.
