Security researchers have uncovered a new malware threat targeting macOS users. Dubbed “Cthulhu Stealer,” the malware impersonates popular apps to steal sensitive information such as system passwords, iCloud Keychain credentials, and cryptocurrency wallet data.

According to a report by The Hacker News, this new malware has been available to attackers since 2023 as a $500/month paid service. The report also claims that the Cthulhu Stealer can be effective as it can disguise itself as legitimate software very well.

What researchers said about the malware

As per the report, the Cthulhu Stealer malware targets macOS users by posing as legitimate software programs such as CleanMyMac, Grand Theft Auto IV, and Adobe GenP tool that hat patches Adobe apps to bypass the Creative Cloud service and activates them without a serial key.Once executed, the malware prompts users to enter their system password, iCloud Keychain passwords, and MetaMask credentials.

Cthulhu Stealer also harvests system information and web browser cookies before exfiltrating the stolen data to a remote server. The malware’s ability to bypass security measures and its data-stealing capabilities make it a significant threat to macOS users.

While the threat actors behind Cthulhu Stealer may no longer be active, still the malware itself poses a significant risk to macOS users, the report adds. Due to the relative security of macOS compared to Windows and Linux, users may be more likely to bypass Gatekeeper protections, making them vulnerable to such threats.

To protect against Cthulhu Stealer and other malware, users should prioritise downloading apps from known sources like the Mac App Store or official developer websites. Avoiding unsigned files and exercising caution when prompted to enter sensitive information can also help mitigate the risk of infection.

So, before bypassing macOS Gatekeeper to open a downloaded app, users should ensure that it’s coming from a trustworthy source.