New macOS malware poses as legitimate apps to steal passwords, crypto wallets and more — how to stay safe
While Apple’s Macs aren’t targeted by hackers as much as Windows PCs, they aren’t impenetrable. Security researchers recently uncovered malware dubbed “Cthulhu Stealer” that impersonates popular apps to harvest passwords and steal data from macOS users.
As first reported by The Hacker News, Cado Security pushed out a public warning this week about Cthulhu Stealer, a malware-as-a-service targeting macOS users launched in late 2023 that sells for $500 a month. “The malware is written in Golang and disguises itself as legitimate software,” said Cado Security researcher Tara Gould.
To trick users into installing it, it’s appeared as software programs like CleanMyMac, Grand Theft Auto IV, or Adobe GenP, an open-source tool some Adobe users employ to get around having a Creative Cloud subscription. The malware comes packaged as a disk image (DMG) file that contains a pair of binaries, which lets it attack both Intel and Apple Silicon Macs depending on which architecture it detects.
When a user tries to open the fake app, macOS’s built-in security feature, Gatekeeper, warns that the software is unsigned. If the user opts to bypass Gatekeeper protections and let it run anyway, they’re given an otherwise legitimate-looking prompt to enter their system password, followed by a second prompt for the MetaMask cryptocurrency wallet. Once it has the necessary permissions, Cthulhu Stealer can siphon a wide range of sensitive data, including saved passwords from iCloud Keychain, web browser cookies and Telegram account information.
“The main functionality of Cthulhu Stealer is to steal credentials and cryptocurrency wallets from various stores, including game accounts,” Gould explained.
It’s an osascript-based technique that we’ve seen in infostealers and malware before like Atomic Stealer, Cuckoo, MacStealer, and Banshee Stealer. But even if Cthulhu Stealer isn’t the most sophisticated malware out there, it still poses a serious threat to Mac users who could stumble into this trap.
How to stay safe from Mac malware
So what can you do to keep the best Macs protected from malware like Cthulhu Stealer? First and foremost, be vigilant about the apps you download and do your due diligence to make sure whoever you’re downloading it from is who they say they are. While your Mac comes with built-in antivirus software in the form of XProtect, consider using that in tandem with one of the best Mac antivirus software solutions. Paid antivirus software is updated more regularly and will often throw in a VPN or password manager to help you stay safe online.
Apple is also working on making it harder to bypass Gatekeeper protections with macOS Sequoia, which is expected to roll out in mid-September. Rather than being able to override Gatekeeper warnings by Control-clicking, users will instead have to go through System Settings to allow unsigned software to run. Hopefully, the annoyance of going through an extra step will be enough of a deterrent to make users think twice before running potentially dangerous apps.
More from Tom’s Guide
Source link