
A $500-a-month malware dubbed "Cthulhu Stealer" targets macOS users and steals sensitive data

Cthulhu Stealer is essentially a disguised Apple disk image (DMG) file whose payload is written in the open-source Go (Golang) programming language. (Image source: Notebookcheck)
Cthulhu Stealer is an information-stealing malware targeting macOS users. Sold as a malware-as-a-service (MaaS) offering for $500 per month, it steals sensitive data such as passwords, system information, and cryptocurrency wallet details. The malware impersonates legitimate software and uses social engineering techniques to trick users into running it.

A new information-stealing malware targeting Apple macOS users has been exposed by cybersecurity researchers. Referred to as "Cthulhu Stealer", it first became available as a malware-as-a-service (MaaS) offering for $500 per month in late 2023. MaaS lets individuals with limited technical skills carry out cyberattacks. Notable examples of MaaS platforms include Blackshades, Zeus, Nymaim, and Emotet, which have been used to launch various types of attacks, such as banking Trojans, botnets, and ransomware.

Cthulhu Stealer is a disguised Apple disk image (DMG) file that contains two binaries, one for each supported system architecture. The malware is written in Golang and impersonates verified software/apps, such as CleanMyMac, Grand Theft Auto IV, and Adobe GenP.
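The "two binaries, one per architecture" detail is something an analyst can verify quickly from the file headers alone. The following Python script is an added example, not code from the article or from the researchers who analysed the sample: it parses the Mach-O and universal ("fat") headers of a binary already extracted from a disk image, reports which CPU architectures it was built for, and applies a string heuristic for Go-built binaries (the `\xff Go buildinf:` and `\xff Go build ID:` markers the Go toolchain embeds, treated here as a hint rather than proof). The sample inputs are synthetic headers constructed in the script, not real malware, and the constants come from Apple's `<mach-o/loader.h>` and `<mach-o/fat.h>`.

```python
import struct
from typing import Dict, List

# Mach-O and universal ("fat") binary constants from <mach-o/loader.h> / <mach-o/fat.h>.
MH_MAGIC = 0xFEEDFACE      # 32-bit Mach-O
MH_MAGIC_64 = 0xFEEDFACF   # 64-bit Mach-O
FAT_MAGIC = 0xCAFEBABE     # universal binary wrapper (always big-endian)

CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {0x7: "x86", CPU_TYPE_X86_64: "x86_64", 0xC: "arm", CPU_TYPE_ARM64: "arm64"}

# Strings the Go toolchain embeds in binaries it links. Their presence is a
# strong hint (not proof) that the file was built with Go.
GO_MARKERS = (b"\xff Go buildinf:", b"\xff Go build ID: ")


def parse_thin(data: bytes) -> Dict[str, object]:
    """Describe a single (non-fat) Mach-O image: CPU type, word size, Go hint."""
    le_magic = struct.unpack_from("<I", data, 0)[0]
    be_magic = struct.unpack_from(">I", data, 0)[0]
    if le_magic in (MH_MAGIC, MH_MAGIC_64):
        endian = "<"
    elif be_magic in (MH_MAGIC, MH_MAGIC_64):
        endian = ">"
    else:
        raise ValueError("not a Mach-O header")
    cputype = struct.unpack_from(endian + "I", data, 4)[0]
    return {
        "arch": CPU_NAMES.get(cputype, hex(cputype)),
        "bits": 64 if MH_MAGIC_64 in (le_magic, be_magic) else 32,
        "looks_go": any(marker in data for marker in GO_MARKERS),
    }


def triage_macho(data: bytes) -> Dict[str, object]:
    """Return the container kind and one entry per architecture slice found in `data`."""
    if len(data) < 8:
        raise ValueError("file too short to be Mach-O")
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat_arch = struct.unpack_from(">I", data, 4)[0]
        if nfat_arch > 32:  # Java class files share this magic; a real fat header is tiny
            raise ValueError("implausible fat header")
        slices: List[Dict[str, object]] = []
        for i in range(nfat_arch):
            # struct fat_arch: cputype, cpusubtype, offset, size, align (all big-endian)
            _cputype, _sub, offset, size, _align = struct.unpack_from(">5I", data, 8 + 20 * i)
            slices.append(parse_thin(data[offset:offset + size]))
        return {"container": "fat", "slices": slices}
    return {"container": "thin", "slices": [parse_thin(data)]}


# --- Constructed sample inputs (synthetic headers, not real malware) -------------------

def make_fake_thin(cputype: int, go_built: bool) -> bytes:
    """Build a minimal 64-bit Mach-O header (filetype 2 = MH_EXECUTE) plus a small body."""
    header = struct.pack("<8I", MH_MAGIC_64, cputype, 0, 2, 0, 0, 0, 0)
    body = (b"\xff Go buildinf:" if go_built else b"") + b"\x00" * 32
    return header + body


def make_fake_fat(slices: List[bytes]) -> bytes:
    """Wrap thin images in a fat header (real files page-align slices; not needed here)."""
    out = bytearray(struct.pack(">II", FAT_MAGIC, len(slices)))
    offset = 8 + 20 * len(slices)
    for image in slices:
        cputype = struct.unpack_from("<I", image, 4)[0]
        out += struct.pack(">5I", cputype, 0, offset, len(image), 0)
        offset += len(image)
    for image in slices:
        out += image
    return bytes(out)


SAMPLE_THIN_ARM64 = make_fake_thin(CPU_TYPE_ARM64, go_built=True)
SAMPLE_FAT_UNIVERSAL = make_fake_fat([
    make_fake_thin(CPU_TYPE_X86_64, go_built=True),
    make_fake_thin(CPU_TYPE_ARM64, go_built=True),
])

if __name__ == "__main__":
    for name, blob in (("thin", SAMPLE_THIN_ARM64), ("fat", SAMPLE_FAT_UNIVERSAL)):
        print(name, triage_macho(blob))
```

Run it against the two binaries from a mounted or extracted disk image (read each file's bytes and pass them to `triage_macho`) to confirm the architecture split before spending time on a full reverse-engineering pass; a file that claims to be a game or utility but turns out to be a Go executable with no code signature is a cheap early signal worth recording in triage notes.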

Victims are prompted to enter their system password and their MetaMask password. Cthulhu Stealer also harvests system information, iCloud Keychain passwords, web browser cookies, and Telegram account information. The stolen data is then compressed into a ZIP archive and exfiltrated to a command-and-control (C2) server. C2 servers have often been used in the past to distribute malicious software; the 2020 SolarWinds cyberattack, in which the tech company's software supply chain was compromised, is one such example.

The malware mainly steals credentials and cryptocurrency wallet info from various online accounts. As per reports, the individuals responsible for developing and distributing Cthulhu Stealer are no longer active in the cybercrime landscape. This is likely due to internal disputes within their organization and accusations of fraudulent activities, leading to a permanent ban.

To protect themselves, users are advised to download software only from trusted sources, avoid installing unverified apps, and keep their systems up to date with the latest security updates. Apple has also announced plans to add further security measures in macOS Sequoia to prevent users from easily overriding Gatekeeper protections.

The malware tries to mimic software such as GTA 4, as seen in the screenshot. (Image source: The Hacker News)
Anubhav Sharma, 2024-08-26 (Update: 2024-08-26)