In a concerning development for macOS users and cryptocurrency holders, security researchers have identified a new malware-as-a-service (MaaS) named "Cthulhu Stealer."
According to a recent Cado Security report, this malware specifically targets macOS systems, challenging the long-held belief that Apple's operating system is immune to such threats.
While macOS has maintained a reputation for security, recent years have seen an uptick in malware targeting Apple's platform. Notable examples include Silver Sparrow, KeRanger, and Atomic Stealer. Cthulhu Stealer is the latest addition to this growing list, indicating a shift in the cybersecurity landscape for macOS users.
Cthulhu Stealer is distributed as an Apple disk image (DMG) file, disguising itself as legitimate software such as CleanMyMac, Grand Theft Auto IV, or Adobe GenP, according to the Cado report. The malware, written in GoLang, is designed for both x86_64 and ARM architectures. This follows recent reports of another crypto-stealing malware targeting Call of Duty players.
'Call of Duty' Players Have Their Bitcoin Swiped Thanks to Malware
Call of Duty players seeking out third-party “cheat” software to manipulate the popular first-person shooter game were among the victims of a targeted phishing attack, cybersecurity firm VX Underground said on Wednesday. The attack also targeted players seeking “pay-to-cheat” software for use on Activision Blizzard’s Battle.net, the PC platform for games like World of Warcraft, Overwatch, and Diablo. The cheat software installed crypto-drainer malware onto the user’s computer, and could be used...
Upon execution, the malware uses osascript to prompt users for their system password and MetaMask credentials. It then creates a directory in '/Users/Shared/NW' to store stolen information. The malware's primary function is to extract credentials and cryptocurrency wallets from various sources, including browser cookies, game accounts, and multiple cryptocurrency wallets.
Cthulhu Stealer shares similarities with Atomic Stealer, another macOS-targeted malware identified in 2023. Both are written in Go and focus on stealing crypto wallets, browser credentials, and keychain data. The resemblance in functionality suggests that Cthulhu Stealer may be a modified version of Atomic Stealer.
The malware is operated by a group known as "Cthulhu Team," who use Telegram for communication. They offer the stealer for rent at $500 per month as part of a malware-as-a-service model, with affiliates responsible for deployment and receiving a percentage of the earnings.
ChatGPT Could Send Users to Malicious Sites: Report
Because generative AI can sometimes hallucinate, conjuring inaccurate or false information, users are encouraged to check its references. As it turns out, that could also lead to trouble. ChatGPT could be providing users links to websites hosting malware, according to a Monday report by Futurism. The discovery came during a test of ChatGPT’s knowledge of current events. When asked about William Goines, a Bronze Star recipient and the first Black member of the Navy SEALs who recently passed away,...
Malware-as-a-service is a business model in the cybercrime world where malicious software and related services are sold or rented to customers, typically other criminals. This allows individuals or groups without advanced technical skills to conduct cyberattacks using pre-made malware tools and infrastructure. MaaS providers often offer customer support, updates, and customization options, similar to legitimate software services.
However, recent developments suggest trouble within the operation.
Affiliates have lodged complaints against the main developer, known as "Cthulhu" or "Balaclavv," accusing them of withholding payments, according to Cado’s report. The researchers noted that this has led to the developer being banned from at least one malware marketplace.
Edited by Stacy Elliott.
