A new malware threat to macOS adds to the data-stealing surge

Mac password prompt (image: Cado Security)

If you still think Macs are inherently safe from malware, think again.

Mac users have another threat to worry about. Cthulhu Stealer, a new Mac malware threat, tries to steal sensitive data such as passwords and cryptocurrency wallets, Cado Security reports in a blog post. The malware threat disguises itself as authentic software to gather login credentials.


Cado Security describes how the malware functions: “Cthulhu Stealer is an Apple disk image (.dmg) that is bundled with two binaries, depending on the architecture. The malware is written in Golang and disguises itself as legitimate software. Once the user mounts the .dmg, the user is prompted to open the software. After opening the file, osascript, the macOS command-line tool for running AppleScript and JavaScript, is used to prompt the user for their password.”

After this, users will see a second prompt to enter their MetaMask password. Cuckoo, Atomic Stealer, and Banshee Stealer also use this technique. However, the latest malware threat aims to gather system data and get rid of users’ iCloud Keychain passwords via a software named Chainbreaker.

Users must be cautious, as the new malware can masquerade as software apps such as AdobeGenP, CleanMyMac, and Grand Theft Auto IV by leveraging Apple disk images (DMG). AdobeGenP is a tool for using Adobe apps without entering a serial key or paying for a Creative Cloud subscription, which is exactly the kind of download people are tempted to fetch from untrusted sources.

Cthulhu Stealer takes data, including Telegram account information and web browser cookies, puts it into a ZIP archive file, and sends it to a command-and-control (C2) server — in other words, to the attackers. It also shares similarities with Atomic Stealer, including the same spelling mistakes, functions, and features, which indicates the developer reused the same code with some modifications.
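The behaviour chain described above (app launched from a mounted .dmg, osascript used to show a password prompt, stolen files zipped for exfiltration) is what a defender would look for in endpoint process telemetry. The script below is an added example, not code from this article or from Cado Security. It walks a list of constructed process events and flags each stage of that chain; the event schema (`pid`, `ppid`, `path`, `args`), the rule names and the sample events are all assumptions made for illustration, not a real EDR format or real indicators.

```python
"""Flag a Cthulhu Stealer-style behaviour chain in process telemetry.

Added example (not the article's or Cado Security's code). The event
shape and rule names are assumptions; the sample events are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    path: str              # executable path on disk
    args: Tuple[str, ...]  # argv, argv[0] included


@dataclass(frozen=True)
class Finding:
    pid: int
    rule: str
    detail: str


def _ancestors(event: ProcEvent, by_pid: Dict[int, ProcEvent]) -> List[ProcEvent]:
    """Walk the parent chain, guarding against pid reuse loops."""
    chain, seen = [], set()
    cur = by_pid.get(event.ppid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur)
        cur = by_pid.get(cur.ppid)
    return chain


def runs_from_disk_image(path: str) -> bool:
    """Mounted .dmg volumes appear under /Volumes/; the boot volume alias is excluded."""
    return path.startswith("/Volumes/") and not path.startswith("/Volumes/Macintosh HD/")


def is_hidden_answer_prompt(args: Tuple[str, ...]) -> bool:
    """osascript showing a dialog whose answer field is masked, i.e. a password prompt."""
    if not args or not args[0].endswith("osascript"):
        return False
    script = " ".join(args[1:]).lower()
    return "display dialog" in script and "hidden answer" in script


def is_archive_staging(args: Tuple[str, ...]) -> bool:
    """zip/ditto writing a .zip, the staging step before data leaves the host."""
    if not args:
        return False
    tool = args[0].rsplit("/", 1)[-1]
    return tool in ("zip", "ditto") and any(a.endswith(".zip") for a in args[1:])


def analyse(events: List[ProcEvent]) -> List[Finding]:
    """Return one Finding per matched stage; prompts and staging rooted in a
    disk-image lineage are rated higher than the same action elsewhere."""
    by_pid = {e.pid: e for e in events}
    findings: List[Finding] = []
    for e in events:
        lineage = [e] + _ancestors(e, by_pid)
        from_dmg = any(runs_from_disk_image(p.path) for p in lineage)
        if runs_from_disk_image(e.path):
            findings.append(Finding(e.pid, "exec_from_disk_image", e.path))
        if is_hidden_answer_prompt(e.args):
            sev = "high" if from_dmg else "medium"
            findings.append(Finding(e.pid, f"osascript_password_prompt:{sev}", " ".join(e.args)))
        if is_archive_staging(e.args) and from_dmg:
            findings.append(Finding(e.pid, "archive_staging_from_disk_image", " ".join(e.args)))
    return findings


# Constructed sample telemetry: a benign notification from Terminal, then a
# "CleanMyMac" lookalike run straight from a mounted image, its masked
# password dialog, and a zip of the collected files.
SAMPLE_EVENTS = [
    ProcEvent(100, 1, "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal", ("Terminal",)),
    ProcEvent(101, 100, "/usr/bin/osascript", ("osascript", "-e", 'display notification "build finished"')),
    ProcEvent(200, 1, "/Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac", ("CleanMyMac",)),
    ProcEvent(201, 200, "/usr/bin/osascript",
              ("osascript", "-e", 'display dialog "Enter your password." default answer "" with hidden answer')),
    ProcEvent(202, 200, "/usr/bin/zip", ("zip", "-r", "/tmp/out.zip", "/tmp/collected")),
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS):
        print(f"pid={f.pid:<5} {f.rule:<38} {f.detail}")
```

Run on the constructed sample, the benign `display notification` call from Terminal produces nothing, while the lookalike app yields three findings: execution from a disk image, a high-severity masked password prompt whose parent runs from that image, and archive staging in the same lineage. Real deployments would feed this from an EDR or from `log stream` process events rather than a hard-coded list.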

Users can take precautions to stay safe, such as only downloading software from trustworthy sources and keeping macOS up to date. Installing legitimate Mac antivirus software isn’t a bad idea, either.

Apple is aware of the rise in Mac malware and has made essential security changes, saying, “In macOS Sequoia, users will no longer be able to Control-click to override Gatekeeper when opening software that isn’t signed correctly or notarized.” You’ll need to go to System Settings > Privacy & Security to review the security information for the software before you use it.
