
Attention Apple users, Cthulhu Stealer malware for macOS has you in its sights


Researchers at Cado Security have discovered a new piece of malware targeting macOS users that has been dubbed “Cthulhu Stealer.” The malicious app attempts to trick users by posing as legitimate software like CleanMyMac, Grand Theft Auto IV, and Adobe GenP. It bears an uncanny resemblance to Atomic Stealer, a piece of malware first released in 2022, and researchers speculate that the new malware is simply a modified version of Atomic.

As with most malware, the first thing Cthulhu Stealer does when the malicious app is opened is ask users for their passwords. This is a crucial step, as this information is essential for the threat actors to achieve their goals. This is especially true for macOS, as the operating system often asks for a password to access certain parts of the system.


Some of the goals of threat actors using Cthulhu Stealer are to “steal credentials and cryptocurrency wallets from various stores, including gaming accounts.” The wallets the malware targets include Coinbase Wallet, Wasabi Wallet, Atomic Wallet, and Electrum Wallet. It also attempts to steal various data from Battle.net accounts, including game cache and log data.

While there is currently little information on how this malware is distributed, it is highly likely that it is being offered to users as pirated, heavily discounted, or free software. All of the software it mimics requires users to pay in some form to access it. It is important to note that when software that usually costs money or requires a subscription is offered “for free,” there is a real risk that you will be hit with malware that steals personal information. It is best to stick to the Apple App Store or download directly from the software vendor’s website.