'Cthulhu Stealer' macOS Malware Can Steal Keychain Passwords, Web Browsing Info, Crypto Wallets, and More

Apple's Macs are less targeted by malware than Windows PCs, but that doesn't mean they are immune. Increasingly, insidious types of Mac malware are being developed that have researchers concerned enough to issue public warnings, and that's the case again today.

macos cthulu stealer malware
As reported by Hacker News, Cado Security has identified a malware-as-a-service (MaaS) targeting macOS users named "Cthulhu Stealer." First spotted in late 2023, the malicious software is designed to steal sensitive information from infected Macs, such as saved passwords from iCloud Keychain, information from web browsers, and even details from Telegram accounts.

What's particularly concerning is that it's being sold as a service on the dark web for $500 per month, potentially allowing multiple bad actors to use it against unsuspecting Mac owners.

Cato Security researcher Tara Gould reports that Cthulhu Stealer disguises itself as popular software to trick users into installing it. It might appear as CleanMyMac, Grand Theft Auto IV, or even Adobe GenP (a tool some users employ to bypass Adobe's subscription model). The malware comes packaged as a disk image (DMG) file.

If a user tries to open the fake app, macOS's built-in security feature, Gatekeeper, warns that the software is unsigned. But if a user chooses to bypass this warning, the malware immediately asks for the user's system password, mimicking a legitimate system prompt. This technique isn't new – other Mac malware like Atomic Stealer and MacStealer use similar tricks.

Once it has the necessary permissions, Cthulhu Stealer can access and steal a wide range of sensitive data. For crypto users, it specifically targets MetaMask digital wallet information. All of this stolen data is then sent to the attackers' servers.

Notably, reports suggest that whoever designed Cthulu Stealer is no longer active, apparently following disputes over payments and accusations of scamming their own customers, i.e. other cybercriminals who were using the malware.

While Cthulhu Stealer isn't the most sophisticated malware out there, it's still a significant threat to Mac users who might be tricked into installing it. General security pointers include only downloading software from trusted sources like the App Store or official developer websites, being wary of any app asking for your system password during installation, and keeping your Mac updated with the latest security patches from Apple.

In macOS Sequoia, expected to be released in mid-September, Apple plans to remove the ability to easily override Gatekeeper warnings by Control-clicking. Instead, users will need to go through System Settings to allow unsigned software to run, adding an extra step that might make users think twice before running potentially dangerous apps.

Tag: Malware

Popular Stories

Generic iOS 18

Apple Seeds Second Release Candidate Versions of iOS 18.2 and More With Genmoji, Image Playground and ChatGPT Integration

Monday December 9, 2024 10:06 am PST by
Apple today seeded the second release candidate versions of upcoming iOS 18.2, iPadOS 18.2, and macOS 15.2 updates to developers and public beta testers for testing purposes, a week after releasing the first RCs. The first iOS 18.2 RC had a build number of 22C150, while the second RC's build number is 22C151. Release candidates represent the final version of beta software that's expected to see a ...
Generic iOS 18

When Is iOS 18.2 Coming Out?

Tuesday December 10, 2024 1:43 am PST by
The next iOS 18.2 update featuring more substantial Apple Intelligence features will be released to the public before the holidays, according to Apple, but we have a more definite timeframe from other sources. In a newsroom article dated October 28 highlighting Apple Intelligence capabilities, Apple states that "new ‌Apple Intelligence‌ features will be available in December." Then in...
iPhone SE 4 Single Camera Thumb 3

iPhone SE 4 Said to Feature 48MP Rear Lens, 12MP TrueDepth Camera

Monday December 9, 2024 4:48 am PST by
Apple's forthcoming iPhone SE 4 will feature a single 48-megapixel rear camera and a 12-megapixel TrueDepth camera on the front, according to details revealed in a new Korean supply chain report. ET News reports that Korea-based LG Innotek is the main supplier of the front and rear camera modules for the more budget-friendly ~$400 device, which is expected to launch in the first quarter of...
iOS 18

Here Are Apple's Full Release Notes for iOS 18.2

Thursday December 5, 2024 11:48 am PST by
Apple seeded the release candidate version of iOS 18.2 today, which means it's going to see a public launch imminently. Release candidates represent the final version of new software that will be provided to the public should no last minute bugs be found, and Apple includes release notes with the RC launch. The iOS 18.2 release notes provide a look at all of the new features that are coming...
Apple MacBook Pro M4 hero

MacBook Pros With OLED Displays Won't Have a Notch, Roadmap Shows

Monday December 9, 2024 7:36 am PST by
Apple plans to remove the notch from the MacBook Pro in a few years from now, according to a roadmap shared by research firm Omdia. The roadmap shows that 14-inch and 16-inch MacBook Pro models released in 2026 will have a hole-punch camera at the top of the display, instead of a notch. It is unclear if there would simply be a pinhole in the display, or if Apple would expand the iPhone's...
vipps nfc tap to pay iphone

World's First Apple Pay Alternative for iPhone Launches in Norway

Monday December 9, 2024 1:28 am PST by
Norwegian payment service Vipps has become the world's first company to launch a competing tap-to-pay solution to Apple Pay on iPhone, following Apple's agreement with European regulators to open up its NFC technology to third parties. Starting December 9, Vipps users in Norway can make contactless payments in stores using their iPhones. The service initially supports customers of SpareBank...
New Things Your iPhone Can Do in iOS 18

20 New Things Your iPhone Can Do in iOS 18.2

Friday December 6, 2024 4:42 am PST by
Apple is set to release iOS 18.2 in the second week of December, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. There are a handful of new non-AI related feature controls...
iPhone 17 Slim Feature

iPhone 17 'Air' Expected to Be ~2mm Thinner Than iPhone 16 Pro

Friday December 6, 2024 4:07 pm PST by
In 2025, Apple is planning to debut a thinner version of the iPhone that will be sold alongside the iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max. This iPhone 17 "Air" will be about two millimeters thinner than the current iPhone 16 Pro, according to Bloomberg's Mark Gurman. The iPhone 16 Pro is 8.25mm thick, so an iPhone 17 that is 2mm thinner would come in at around 6.25mm. At 6.25mm,...
airpods pro 2 gradient

AirPods Pro 3 Expected Next Year: Here's What We Know

Thursday November 28, 2024 3:30 am PST by
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch sometime in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for. Apart from their audio and noise-canceling performance, which are generally regarded as...

Top Rated Comments

roar08 Avatar
16 weeks ago

It might appear as CleanMyMac, Grand Theft Auto IV, or even Adobe GenP (a tool some users employ to bypass Adobe's subscription model). The malware comes packaged as a disk image (DMG) file.
In other words, it might appear as the software you're pirating.
Score: 48 Votes (Like | Disagree)
Darth Tulhu Avatar
16 weeks ago
Walled gardens exist FOR A REASON.
Score: 31 Votes (Like | Disagree)
sw1tcher Avatar
16 weeks ago

As reported by Hacker News ('https://thehackernews.com/2024/08/new-macos-malware-cthulhu-stealer.html'), Cado Security has identified a malware-as-a-service (MaaS) targeting macOS users named "Cthulhu Stealer."
My name isn't Cthulhu Stealer so I should be safe, right?
Score: 30 Votes (Like | Disagree)
WarmWinterHat Avatar
16 weeks ago

Walled gardens exist FOR A REASON.
They do, to make Apple money.
Score: 25 Votes (Like | Disagree)
wonderings Avatar
16 weeks ago
So if you don't pirate software you are good, makes sense.
Score: 20 Votes (Like | Disagree)
Darth Tulhu Avatar
16 weeks ago

They do, to make Apple money.
Security guards get paid, don't they?
Score: 19 Votes (Like | Disagree)