August 23, 2024 at 01:36AM
Cybersecurity researchers have found Cthulhu Stealer, a macOS information stealer rented out for $500 a month. It masquerades as popular software, steals passwords and cryptocurrency wallets, and has neither anti-analysis features nor any standout capability. macOS malware is less common than its Windows counterpart, but it exists, and Apple is tightening Gatekeeper in its next release. Users are urged to be cautious about what they download and install.
Key Takeaways:
– A new information stealer called Cthulhu Stealer has been discovered, targeting Apple macOS hosts and available under a malware-as-a-service model since late 2023.
– The malware is written in Golang and ships as two binaries, one per supported architecture, disguised as legitimate software such as CleanMyMac, Grand Theft Auto IV, and Adobe GenP.
– It targets both x86_64 and Arm. Once launched, it uses osascript to display a native-looking macOS dialog asking the user for their system password, then prompts for their MetaMask password.
– Cthulhu Stealer harvests system information, dumps iCloud Keychain passwords, and steals credentials and cryptocurrency wallet data from a range of applications, including game accounts.
– The threat actors behind the malware are reportedly no longer active: a dispute over payments led affiliates to accuse the developer of an exit scam.
– It lacks sophisticated anti-analysis techniques and standout features. Users are advised to download software only from trusted sources, avoid installing unverified apps, and keep their systems up to date with the latest security updates.
– Apple has announced that the next version of macOS (Sequoia) will add more friction when a user tries to open software that is not correctly signed or notarized.
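The fake password dialog in the takeaways above is worth detecting, not just describing. The Python below is an added example, not code from the original report or from the stealer: it scans a constructed export of process-execution events for osascript `display dialog ... with hidden answer` commands and escalates the ones that impersonate a system component or ask for a wallet secret. The record layout (`timestamp|pid|ppid|parent|cmdline`), the dialog strings and the process paths are assumptions for illustration.

```python
"""Flag fake macOS password prompts spawned through osascript.

Added example, not code from the original report or the stealer. Input is a
constructed export of process-execution events in the hypothetical format
    timestamp|pid|ppid|parent_executable|command_line
(one event per line); the layout is an assumption for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample events (not real telemetry). The first two mimic a
# trojanised "CleanMyMac" spawning credential prompts; the rest are benign.
SAMPLE_EVENTS = """\
2024-08-20T10:01:02Z|4021|4010|/Applications/CleanMyMac.app/Contents/MacOS/CleanMyMac|osascript -e display dialog "macOS needs to access System settings. Please enter your password." default answer "" with title "System Preferences" with icon caution with hidden answer
2024-08-20T10:01:09Z|4022|4010|/Applications/CleanMyMac.app/Contents/MacOS/CleanMyMac|osascript -e display dialog "Enter your MetaMask password" default answer "" with hidden answer
2024-08-20T10:02:15Z|4100|1|/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder|osascript -e display notification "Backup finished" with title "Time Machine"
2024-08-20T10:03:40Z|4150|4140|/Applications/Xcode.app/Contents/MacOS/Xcode|osascript -e tell application "Terminal" to activate
2024-08-20T10:04:01Z|4200|4190|/usr/local/bin/myscript|osascript -e display dialog "Continue?" buttons {"OK"}
"""

# "with hidden answer" turns the dialog's text field into a password field;
# legitimate macOS components do not collect the login password this way.
HIDDEN_ANSWER = re.compile(r"display dialog\b.*\bwith hidden answer\b", re.S)
DIALOG_TITLE = re.compile(r'with title "([^"]*)"')
SYSTEM_TITLES = ("system preferences", "system settings", "keychain", "macos", "finder", "apple")
WALLET_WORDS = ("metamask", "wallet", "seed phrase", "ledger", "trezor")


@dataclass
class Finding:
    timestamp: str
    pid: int
    parent: str
    severity: str
    reason: str


def parse_event(line: str) -> dict:
    """Split one pipe-delimited event; the command line may itself contain pipes."""
    ts, pid, ppid, parent, cmdline = line.split("|", 4)
    return {"timestamp": ts, "pid": int(pid), "ppid": int(ppid),
            "parent": parent, "cmdline": cmdline}


def classify(event: dict) -> Optional[Finding]:
    """Return a Finding for osascript credential prompts, else None."""
    cmd = event["cmdline"]
    if "osascript" not in cmd or not HIDDEN_ANSWER.search(cmd):
        return None
    lowered = cmd.lower()
    m = DIALOG_TITLE.search(cmd)
    title = m.group(1) if m else ""
    parent_is_system = event["parent"].startswith("/System/")
    base = (event["timestamp"], event["pid"], event["parent"])
    if any(w in lowered for w in WALLET_WORDS):
        return Finding(*base, "high", "hidden-answer dialog requesting a wallet secret")
    if any(w in title.lower() for w in SYSTEM_TITLES) and not parent_is_system:
        return Finding(*base, "high", f'non-system process spawned a dialog titled "{title}"')
    return Finding(*base, "medium", "osascript hidden-answer dialog (password-style prompt)")


def scan(events: str) -> list:
    """Run classify over every non-empty line of an event export."""
    findings = []
    for line in events.splitlines():
        if not line.strip():
            continue
        finding = classify(parse_event(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"[{f.severity}] {f.timestamp} pid={f.pid} parent={f.parent}: {f.reason}")
```

The rule keys on the `with hidden answer` modifier rather than on any particular prompt text, so it survives the operator rewording the dialog; the parent-process check is what separates an installer's genuine prompt from one spawned by a game crack or "cleaner" sitting in /Applications.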
Overall, the report highlights the emergence of Cthulhu Stealer as a threat to macOS users and the need for increased vigilance and security measures to protect against such malware.
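Checking a bundle's signature and notarization yourself, before Gatekeeper has to intervene, is the concrete form of the "only install from trusted sources" advice above. The Python below is an added example, not code from the article or from Apple: `assess_app` runs Apple's `codesign` and `spctl` tools (macOS only), while `parse_spctl` and `is_trusted_source` interpret their output and run anywhere. The embedded sample outputs are constructed to match the tools' usual format and are assumptions, as is the example bundle path.

```python
"""Check that a macOS app bundle is signed and notarized before opening it.

Added example, not from the original article. assess_app() shells out to
Apple's codesign and spctl (macOS only); parse_spctl() and
is_trusted_source() are pure functions that interpret spctl's assessment
text. The embedded sample outputs are constructed to match the tools'
usual format and are assumptions, as is the example bundle path.
"""
import subprocess
from dataclasses import dataclass


@dataclass
class Assessment:
    accepted: bool   # Gatekeeper verdict from spctl
    source: str      # e.g. "Notarized Developer ID", "no usable signature"
    origin: str      # signing identity, e.g. "Developer ID Application: ..."


# Constructed sample outputs of `spctl -a -vv -t exec <bundle>` (assumed format).
SPCTL_NOTARIZED = """\
/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)
"""
SPCTL_UNNOTARIZED = """\
/Applications/Example.app: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: Example Corp (ABCDE12345)
"""
SPCTL_UNSIGNED = """\
/Applications/Example.app: rejected
source=no usable signature
"""

# spctl "source" values that mean Apple has vouched for the code.
TRUSTED_SOURCES = {"notarized developer id", "apple system", "mac app store"}


def parse_spctl(output: str) -> Assessment:
    """Turn spctl's verdict line and key=value lines into an Assessment."""
    accepted, source, origin = False, "", ""
    for raw in output.splitlines():
        line = raw.strip()
        if line.endswith(": accepted"):
            accepted = True
        elif line.startswith("source="):
            source = line[len("source="):]
        elif line.startswith("origin="):
            origin = line[len("origin="):]
    return Assessment(accepted, source, origin)


def is_trusted_source(a: Assessment) -> bool:
    """True only for an accepted verdict from a trusted source. Note that
    'Unnotarized Developer ID' contains the word 'notarized', so an exact
    match on the source string is used rather than a substring test."""
    return a.accepted and a.source.lower() in TRUSTED_SOURCES


def assess_app(bundle_path: str) -> Assessment:
    """Run the real tools (macOS only). codesign exits non-zero on a missing,
    broken or tampered signature; spctl then reports the Gatekeeper verdict."""
    cs = subprocess.run(["codesign", "--verify", "--deep", "--strict", bundle_path],
                        capture_output=True, text=True)
    if cs.returncode != 0:
        return Assessment(False, "codesign: " + cs.stderr.strip(), "")
    sp = subprocess.run(["spctl", "-a", "-vv", "-t", "exec", bundle_path],
                        capture_output=True, text=True)
    # spctl writes its assessment to stderr, so parse both streams.
    return parse_spctl(sp.stdout + sp.stderr)


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/Applications/Example.app"
    verdict = assess_app(path)
    print("OK to open" if is_trusted_source(verdict)
          else f"DO NOT OPEN: {verdict.source or 'no verdict'}")
```

A "Developer ID" origin on its own proves only that someone paid for an Apple developer account; the `Notarized` source is what shows Apple's malware scan was actually run on that build, which is the distinction Sequoia's extra friction is built around.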