Although Apple’s Macs are not as frequently targeted by hackers as Windows PCs, they are still not impenetrable. Security researchers recently discovered malware called “Cthulhu Stealer” that impersonates popular apps to harvest passwords and steal data from macOS users.
As first reported by The Hacker News, Cado Security this week issued a public warning about Cthulhu Stealer, a malware-as-a-service offering aimed at macOS users that launched in late 2023 and sells for $500 a month. “The malware is written in Golang and disguises itself as legitimate software,” said Cado Security researcher Tara Gould.
To trick users into installing it, it appears as a software program such as CleanMyMac, Grand Theft Auto IV, or Adobe GenP, an open-source tool that some Adobe users use to bypass a Creative Cloud subscription. The malware is delivered as a disk image (DMG) file containing a pair of binary files that allow it to attack both Intel and Apple Silicon Macs, depending on which architecture it detects.
When a user attempts to open the fake app, Gatekeeper, the security feature built into macOS, warns that the software is unsigned. If the user chooses to bypass Gatekeeper protection and let the app run anyway, a legitimate-looking prompt asks them to enter their system password, followed by a second prompt asking for their MetaMask cryptocurrency wallet password. Once Cthulhu Stealer has the necessary permissions, it can harvest a variety of sensitive data, including saved passwords from iCloud Keychain, web browser cookies, and Telegram account information.
“The main function of Cthulhu Stealer is to steal login credentials and cryptocurrency wallets from various stores, including gaming accounts,” Gould explained.
The fake password prompt is an osascript-based technique that has already been seen in infostealers such as Atomic Stealer, Cuckoo, MacStealer and Banshee Stealer. But even though Cthulhu Stealer is not the most sophisticated malware, it still poses a serious threat to Mac users who might fall into this trap.
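As an added defender-side illustration (not code from the article or from Cado Security's report), the script below scans process-execution records for the pattern described above: an osascript process showing a hidden-answer dialog, launched by a binary running from a mounted disk image. The log lines and their field layout are constructed for the example and are an assumption, not any real product's format.

```python
import re

# Constructed sample records (not real telemetry). Assumed layout:
# "<timestamp> pid=<n> ppid=<n> user=<name> cmd=<full command line>"
SAMPLE_LOG = """\
2024-08-22T10:01:03Z pid=4011 ppid=1 user=alice cmd=/Applications/Safari.app/Contents/MacOS/Safari
2024-08-22T10:02:17Z pid=4102 ppid=4099 user=alice cmd=/Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac
2024-08-22T10:02:18Z pid=4103 ppid=4102 user=alice cmd=/usr/bin/osascript -e 'display dialog "macOS needs your password to continue" default answer "" with hidden answer with title "System Preferences"'
2024-08-22T10:02:25Z pid=4104 ppid=4102 user=alice cmd=/usr/bin/osascript -e 'display dialog "Enter your MetaMask password" default answer "" with hidden answer'
2024-08-22T10:05:00Z pid=4200 ppid=1 user=alice cmd=/usr/bin/osascript -e 'display notification "Build finished"'
2024-08-22T10:06:40Z pid=4300 ppid=1 user=alice cmd=/usr/bin/osascript -e 'display dialog "Enter value" default answer "" with hidden answer'
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) pid=(?P<pid>\d+) ppid=(?P<ppid>\d+) user=(?P<user>\S+) cmd=(?P<cmd>.*)$")
# "display dialog ... with hidden answer" is the AppleScript idiom for a masked text field,
# i.e. a password-style prompt; legitimate GUI apps rarely need osascript for this.
PROMPT_RE = re.compile(r"display dialog.*with hidden answer", re.IGNORECASE)
CRED_WORDS = ("password", "metamask", "wallet", "keychain")

def parse(log_text):
    """Index records by pid so a child can be related to its parent process."""
    procs = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            procs[int(m["pid"])] = m.groupdict()
    return procs

def find_fake_prompts(log_text):
    """Return one finding per osascript process that shows a hidden-answer dialog."""
    procs = parse(log_text)
    findings = []
    for pid, p in procs.items():
        cmd = p["cmd"]
        if "osascript" not in cmd or not PROMPT_RE.search(cmd):
            continue
        parent_cmd = procs.get(int(p["ppid"]), {}).get("cmd", "")
        reasons = ["osascript hidden-answer dialog (password-style prompt)"]
        if any(w in cmd.lower() for w in CRED_WORDS):
            reasons.append("prompt text mentions credentials")
        if parent_cmd.startswith("/Volumes/"):
            reasons.append("parent process runs from a mounted disk image")
        findings.append({"pid": pid, "parent": parent_cmd, "reasons": reasons,
                         "severity": "high" if len(reasons) >= 2 else "medium"})
    return findings

if __name__ == "__main__":
    for f in find_fake_prompts(SAMPLE_LOG):
        print(f["severity"].upper(), f["pid"], "; ".join(f["reasons"]))
```

Only the two prompts spawned by the binary on the mounted DMG score high; the bare hidden-answer dialog with no credential wording and no disk-image parent is reported at medium for analyst review.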
How to protect yourself from Mac malware
So what can you do to protect your Mac from malware like Cthulhu Stealer? First and foremost, be vigilant about the apps you download and do your due diligence to make sure that whoever you download the apps from is who they claim to be. Although your Mac has built-in antivirus software with XProtect, you should use it in combination with one of the best antivirus software solutions for Mac. Paid antivirus software is updated more regularly and often includes a VPN or password manager to help you stay safe online.
Apple is also working to make it harder to bypass Gatekeeper protections with macOS Sequoia, which is expected to launch in mid-September. Instead of being able to override Gatekeeper warnings by Control-clicking, users will have to go to System Preferences to allow unsigned software to run. Hopefully the hassle of taking an extra step will be enough of a deterrent to make users think twice before running potentially dangerous apps.