August 23, 2024 By Pierluigi Paganini
Cado Security found a new info stealer, called Cthulhu Stealer, that targets Apple macOS and steals a wide range of information.
Cado Security researchers have discovered a malware-as-a-service (MaaS) offering targeting macOS users, dubbed Cthulhu Stealer.
Cthulhu Stealer targets macOS users via an Apple disk image (DMG) that disguises itself as legitimate software. The researchers spotted Cthulhu Stealer impersonating disk images of legitimate software such as Adobe GenP, CleanMyMac, and Grand Theft Auto IV.
The malicious code is written in Go. Once the DMG is mounted, it prompts the user to enter their system password and their MetaMask password using the macOS osascript tool.

Once the user enters their credentials, the malware saves them to a directory and uses Chainbreaker to dump Keychain passwords. It also gathers system information, including the IP address and hardware and software details, as well as network information. The malware then packs the stolen data into a zip archive and sends a notification to a command-and-control (C2) server.
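The two behaviours described above, a binary launched from a mounted disk image under /Volumes and osascript being used to show a hidden-input password dialog, are both visible in process-execution telemetry. The script below is an added detection example, not code from Cado Security or from this article; it assumes a simple pipe-delimited event format (timestamp|pid|ppid|executable|arguments) constructed for the example rather than any specific EDR product's schema, and it raises the severity of a password-prompt finding when the prompting process descends from an executable on a mounted image.

```python
"""Detection sketch for the osascript password-prompt-from-a-DMG pattern.

Event format (an assumption for this example): ts|pid|ppid|exe|args
"""
import re
from typing import Dict, List

# Constructed sample process events; paths and arguments are illustrative.
SAMPLE_EVENTS = [
    "2024-08-23T10:00:01Z|501|1|/Applications/Safari.app/Contents/MacOS/Safari|",
    "2024-08-23T10:02:10Z|612|501|/Volumes/CleanMyMac/CleanMyMac|",
    "2024-08-23T10:02:11Z|613|612|/usr/bin/osascript|-e display dialog \"Enter your password\" default answer \"\" with hidden answer",
    "2024-08-23T10:05:00Z|700|1|/usr/bin/osascript|-e display notification \"Backup done\"",
]

# AppleScript renders a password-style dialog with "with hidden answer".
HIDDEN_ANSWER = re.compile(r"display\s+dialog.*with\s+hidden\s+answer", re.IGNORECASE | re.DOTALL)


def parse_event(line: str) -> Dict[str, object]:
    """Split one pipe-delimited event; args may itself contain '|', so limit the split."""
    ts, pid, ppid, exe, args = line.split("|", 4)
    return {"ts": ts, "pid": int(pid), "ppid": int(ppid), "exe": exe, "args": args}


def ancestor_on_mounted_image(pid: int, by_pid: Dict[int, Dict[str, object]]) -> bool:
    """Walk the parent chain and report whether any ancestor ran from /Volumes/."""
    seen = set()
    cur = by_pid.get(pid)
    while cur is not None and cur["pid"] not in seen:
        seen.add(cur["pid"])
        if str(cur["exe"]).startswith("/Volumes/"):
            return True
        cur = by_pid.get(cur["ppid"])
    return False


def analyze(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per matching event."""
    events = [parse_event(line) for line in lines if line.strip()]
    by_pid = {e["pid"]: e for e in events}
    findings: List[Dict[str, object]] = []
    for e in events:
        exe = str(e["exe"])
        # Rule 1: code executing directly out of a mounted disk image.
        if exe.startswith("/Volumes/"):
            findings.append({"pid": e["pid"], "rule": "exec_from_mounted_image", "exe": exe})
        # Rule 2: osascript showing a hidden-input dialog (a password prompt).
        if exe.rsplit("/", 1)[-1] == "osascript" and HIDDEN_ANSWER.search(str(e["args"])):
            from_image = ancestor_on_mounted_image(int(e["ppid"]), by_pid)
            findings.append({
                "pid": e["pid"],
                "rule": "osascript_password_prompt",
                "severity": "high" if from_image else "medium",
                "parent_from_mounted_image": from_image,
            })
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

On its own, an osascript password dialog is not conclusive, since legitimate installers and admin scripts use the same call; correlating it with a parent process running from a freshly mounted image is what turns it into a high-confidence signal in this example.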