
MacRumors

macrumors bot
Original poster
Apr 12, 2001


Apple's Macs are less targeted by malware than Windows PCs, but that doesn't mean they are immune. Increasingly, insidious types of Mac malware are being developed that have researchers concerned enough to issue public warnings, and that's the case again today.


As reported by Hacker News, Cado Security has identified a malware-as-a-service (MaaS) targeting macOS users named "Cthulhu Stealer." First spotted in late 2023, the malicious software is designed to steal sensitive information from infected Macs, such as saved passwords from iCloud Keychain, information from web browsers, and even details from Telegram accounts.

What's particularly concerning is that it's being sold as a service on the dark web for $500 per month, potentially allowing multiple bad actors to use it against unsuspecting Mac owners.

Cado Security researcher Tara Gould reports that Cthulhu Stealer disguises itself as popular software to trick users into installing it. It might appear as CleanMyMac, Grand Theft Auto IV, or even Adobe GenP (a tool some users employ to bypass Adobe's subscription model). The malware comes packaged as a disk image (DMG) file.

If a user tries to open the fake app, macOS's built-in security feature, Gatekeeper, warns that the software is unsigned. But if a user chooses to bypass this warning, the malware immediately asks for the user's system password, mimicking a legitimate system prompt. This technique isn't new – other Mac malware like Atomic Stealer and MacStealer use similar tricks.

Once it has the necessary permissions, Cthulhu Stealer can access and steal a wide range of sensitive data. For crypto users, it specifically targets MetaMask digital wallet information. All of this stolen data is then sent to the attackers' servers.

Notably, reports suggest that whoever designed Cthulhu Stealer is no longer active, apparently following disputes over payments and accusations of scamming their own customers, i.e. other cybercriminals who were using the malware.

While Cthulhu Stealer isn't the most sophisticated malware out there, it's still a significant threat to Mac users who might be tricked into installing it. General security pointers include only downloading software from trusted sources like the App Store or official developer websites, being wary of any app asking for your system password during installation, and keeping your Mac updated with the latest security patches from Apple.

In macOS Sequoia, expected to be released in mid-September, Apple plans to remove the ability to easily override Gatekeeper warnings by Control-clicking. Instead, users will need to go through System Settings to allow unsigned software to run, adding an extra step that might make users think twice before running potentially dangerous apps.

Article Link: 'Cthulhu Stealer' macOS Malware Can Steal Keychain Passwords, Web Browsing Info, Crypto Wallets, and More
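A check worth running before dismissing the Gatekeeper warning the article describes, as an added example that is not part of the article or of Cado Security's report: it assumes a macOS host with spctl, codesign and xattr available, and the bundle path in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example, not from the article: inspect a downloaded .app bundle the way
# Gatekeeper does, so the "unsigned software" warning is an informed decision.
# Assumes a macOS host with spctl, codesign and xattr; the bundle path is a placeholder.

# Map the output of `spctl --assess --verbose=4 --type execute <app>` to a one-word verdict.
# Takes the tool's combined stdout/stderr as $1 so it can be exercised on captured output.
assess_verdict() {
  case "$1" in
    *": accepted"*"source=Notarized Developer ID"*) echo notarized ;;
    *": accepted"*)                                  echo accepted ;;
    *": rejected"*"source=no usable signature"*)     echo unsigned ;;
    *": rejected"*)                                  echo rejected ;;
    *)                                               echo unknown ;;
  esac
}

# Full check of a bundle on disk: quarantine flag, Gatekeeper assessment, signing identity.
# Returns 0 only when Gatekeeper would accept the app without a warning.
check_app() {
  app="$1"
  [ -d "$app" ] || { echo "no such bundle: $app" >&2; return 2; }

  # Anything downloaded by a browser or opened from a DMG carries the quarantine xattr.
  if xattr -p com.apple.quarantine "$app" >/dev/null 2>&1; then
    echo "quarantine: present (downloaded content, Gatekeeper will assess it)"
  fi

  out=$(spctl --assess --verbose=4 --type execute "$app" 2>&1)
  verdict=$(assess_verdict "$out")
  echo "gatekeeper: $verdict"

  # Show who signed it; a real CleanMyMac or Adobe build carries that vendor's identity,
  # a look-alike from a random download site usually carries none.
  codesign -dvv "$app" 2>&1 | grep -E '^(Authority|TeamIdentifier)=' || echo "signing identity: none"

  case "$verdict" in
    notarized|accepted) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: sh check_app.sh /Volumes/SomeInstaller/Some.app   (placeholder path)
if [ $# -gt 0 ]; then
  check_app "$1"
fi
```

An app that fails this check and then asks for your system password is exactly the pattern the article describes, and is the point to stop rather than type it in.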
 
But yet apps and such get by Apple every day, so much for the walled garden theory. I believed it at one time, and after the EU ruling, Apple's walled garden is gone now.
That is not Apple's fault.

The Idiocracy the World has turned into (again) tore it down.

And this still requires YOU to screw up.
 
But yet apps and such get by Apple every day, so much for the walled garden theory. I believed it at one time, and after the EU ruling, Apple's walled garden is gone now.
Why make it easy for them? Yes, no amount of security will be 100%. The other option, the EU's, is no locks. Security is a multifaceted approach. The walled garden is an important part of that. The flip side, in your words: open Macs have not impacted Macs' security. I hear that with every argument about the Apple App Store. So much for that argument right here.
 
Walled gardens exist FOR A REASON.
People affected by this malware are trying to pirate content, they should be aware of the risks.

Also, they probably got a notification from macOS stating the risks of installing software from unverified developers.

Their stupidity shouldn't be reason enough to turn my Mac into an iPhone so that Apple can collect 30% of every app I need to use, making said software more expensive as a consequence.
 
So if you don't pirate software you are good, makes sense.

How do you come to this conclusion? Only 1 of those 3 examples mentioned there is to pirate. For the others it comes down to who is better at SEO and appears first in the search results for clueless people (the target) to download and install.

VLC comes to mind. I remember a few years ago, a fake app ranked before the legit one on Google.
 
How do you come to this conclusion? Only 1 of those 3 examples mentioned there is to pirate. For the others it comes down to who is better at SEO and appears first in the search results for clueless people (the target) to download and install.
If you are getting CleanMyMac from the App Store you are fine, if you are getting it from the developer (unless they have been compromised) you are fine, if you are downloading it from somewhere else then you are at risk, and the question would be why would you get it anywhere else other than the developer or from the App Store?

Looking to download Grand Theft Auto IV for Mac, which as far as I am aware does not exist, probably means you are looking for it for free, so probably a hacked version or malware on a torrent site listing it as GTA IV. And the last one does not need an example.
 
To the users saying that only people who are intending on pirating software are at risk, that is not true.
A lot of times bad actors mimic legitimate websites and pay for ads to be at the front of Google's search engines. The average user may click that first link thinking it's the legitimate website and download the free trial which has the malware.

It's not always people who intend to pirate. I deal with this as my job every day.
 
I chose the Mac and iOS specifically BECAUSE it is a walled garden. Just as people choose communities they want to live in. If Apple is forced into being a homogeny with Android or Windows then what's the point?
 
That password dialog still looks sloppy. Weird phrasing, inconsistent terminology (preferences / settings), "OK" button (which is rare on macOS), no user name alongside the password field as is common in password dialogs. I realise that this would still trick many users, but why not take a few minutes and check how a similar legit dialog would look?
 
I chose the Mac and iOS specifically BECAUSE it is a walled garden. Just as people choose communities they want to live in. If Apple is forced into being a homogeny with Android or Windows then what's the point?

You and ten other people in the world made a decision based on the "walled garden". Everyone else picks the UI and physical device they prefer.

In addition, macOS has no walled garden. I can, and do, install anything and everything I want.
 
They are security guards, they are toll-booth employees... taking a cut of the action to let you pass.
Yep, the toll pays for the "security" part, including building and maintaining the gate.

But I'm not interested in debating the capitalistic aspects here.
Somehow I have never, not even once, had malware on any Windows or macOS device I've owned? How is that possible? I don't download sketchy crap.
I will never, ever believe you've never had malware on Windows.
I don't need daddy Tim smacking my hand when I click the wrong link.
Simple.
That's fine. There's always people who like to learn things the hard way. No objections from me here.
 
Yes, unless the developer website gets hacked and bad actors replace with their file.
And there are other vectors too: a developer's email list gets hacked, then they send out an email to the entire list advertising a "free upgrade" with a clone of the developer's account at a domain that is similar enough to the real one to fool people into clicking the link. It isn't always black and white; there are a lot of ways it can (and will) be leveraged.

:)
 