BPOI Banner
MacOS Malware 'Cthulu Stealer' Is Draining Crypto Wallets—Here's How to Spot It MacOS Malware 'Cthulu Stealer' Is Draining Crypto Wallets—Here's How to Spot It

MacOS Malware ‘Cthulu Stealer’ Is Draining Crypto Wallets—Here’s How to Spot It

In a concerning development for macOS users and cryptocurrency holders, security researchers have identified a new malware-as-a-service (MaaS) named “Cthulhu Stealer.”

According to a recent Cado Security report, this malware specifically targets macOS systems, challenging the long-held belief that Apple’s operating system is immune to such threats.

While macOS has maintained a reputation for security, recent years have seen an uptick in malware targeting Apple’s platform. Notable examples include Silver Sparrow, KeRanger, and Atomic Stealer. Cthulhu Stealer is the latest addition to this growing list, indicating a shift in the cybersecurity landscape for macOS users.

Cthulhu Stealer is distributed as an Apple disk image (DMG) file, disguising itself as legitimate software such as CleanMyMac, Grand Theft Auto IV, or Adobe GenP, according to the Cado report. The malware, written in GoLang, is designed for both x86_64 and ARM architectures. This follows recent reports of another crypto-stealing malware targeting Call of Duty players.

Upon execution, the malware uses osascript to prompt users for their system password and MetaMask credentials. It then creates a directory in ‘/Users/Shared/NW’ to store stolen information. The malware’s primary function is to extract credentials and cryptocurrency wallets from various sources, including browser cookies, game accounts, and multiple cryptocurrency wallets.

Cthulhu Stealer shares similarities with Atomic Stealer, another macOS-targeted malware identified in 2023. Both are written in Go and focus on stealing crypto wallets, browser credentials, and keychain data. The resemblance in functionality suggests that Cthulhu Stealer may be a modified version of Atomic Stealer.

The malware is operated by a group known as “Cthulhu Team,” who use Telegram for communication. They offer the stealer for rent at $500 per month as part of a malware-as-a-service model, with affiliates responsible for deployment and receiving a percentage of the earnings.

Malware-as-a-service is a business model in the cybercrime world where malicious software and related services are sold or rented to customers, typically other criminals. This allows individuals or groups without advanced technical skills to conduct cyberattacks using pre-made malware tools and infrastructure. MaaS providers often offer customer support, updates, and customization options, similar to legitimate software services.

However, recent developments suggest trouble within the operation.

Affiliates have lodged complaints against the main developer, known as “Cthulhu” or “Balaclavv,” accusing them of withholding payments, according to Cado’s report. The researchers noted that this has led to the developer being banned from at least one malware marketplace.

Edited by Stacy Elliott.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.

Source link

Adrian Zmudzinski

https://decrypt.co/246402/macos-malware-cthulu-stealer-is-draining-crypto-wallets-heres-how-to-spot-it

2024-08-26 11:28:48

bitcoin
Bitcoin (BTC) $ 95,011.46 2.20%
ethereum
Ethereum (ETH) $ 3,311.89 2.17%
tether
Tether (USDT) $ 0.996181 0.33%
xrp
XRP (XRP) $ 2.18 4.09%
bnb
BNB (BNB) $ 675.89 1.13%
solana
Solana (SOL) $ 181.49 2.56%
dogecoin
Dogecoin (DOGE) $ 0.310381 3.56%
usd-coin
USDC (USDC) $ 0.998523 0.19%
staked-ether
Lido Staked Ether (STETH) $ 3,310.38 1.95%
cardano
Cardano (ADA) $ 0.880353 3.48%
tron
TRON (TRX) $ 0.248371 0.43%
avalanche-2
Avalanche (AVAX) $ 36.37 4.60%
chainlink
Chainlink (LINK) $ 22.65 0.63%
wrapped-steth
Wrapped stETH (WSTETH) $ 3,942.06 1.84%
the-open-network
Toncoin (TON) $ 5.39 1.81%
wrapped-bitcoin
Wrapped Bitcoin (WBTC) $ 94,822.41 2.13%
shiba-inu
Shiba Inu (SHIB) $ 0.000022 2.27%
sui
Sui (SUI) $ 4.24 5.31%
stellar
Stellar (XLM) $ 0.354298 3.37%
polkadot
Polkadot (DOT) $ 6.91 2.46%
hedera-hashgraph
Hedera (HBAR) $ 0.272278 3.21%
weth
WETH (WETH) $ 3,317.90 1.91%
hyperliquid
Hyperliquid (HYPE) $ 26.50 21.36%
leo-token
LEO Token (LEO) $ 9.46 2.07%
bitcoin-cash
Bitcoin Cash (BCH) $ 436.84 4.47%
uniswap
Uniswap (UNI) $ 13.57 3.42%
litecoin
Litecoin (LTC) $ 101.29 1.52%
pepe
Pepe (PEPE) $ 0.000018 2.83%
wrapped-eeth
Wrapped eETH (WEETH) $ 3,500.98 1.79%
near
NEAR Protocol (NEAR) $ 5.09 0.41%
ethena-usde
Ethena USDe (USDE) $ 0.996368 0.37%
bitget-token
Bitget Token (BGB) $ 4.08 2.83%
usds
USDS (USDS) $ 1.00 0.19%
aptos
Aptos (APT) $ 9.09 4.54%
aave
Aave (AAVE) $ 333.00 8.40%
internet-computer
Internet Computer (ICP) $ 10.01 1.70%
crypto-com-chain
Cronos (CRO) $ 0.152765 4.65%
polygon-ecosystem-token
POL (ex-MATIC) (POL) $ 0.474439 2.88%
mantle
Mantle (MNT) $ 1.18 1.20%
ethereum-classic
Ethereum Classic (ETC) $ 26.15 1.72%
vechain
VeChain (VET) $ 0.045683 2.90%
render-token
Render (RENDER) $ 7.05 3.53%
monero
Monero (XMR) $ 191.21 0.36%
whitebit
WhiteBIT Coin (WBT) $ 24.37 0.04%
dai
Dai (DAI) $ 0.998231 0.23%
mantra-dao
MANTRA (OM) $ 3.51 6.73%
bittensor
Bittensor (TAO) $ 449.83 4.19%
fetch-ai
Artificial Superintelligence Alliance (FET) $ 1.26 2.52%
arbitrum
Arbitrum (ARB) $ 0.757031 1.50%
kaspa
Kaspa (KAS) $ 0.118029 3.47%