New Malware Steals Crypto From macOS Wallets Like MetaMask and Binance

The Rise of Cthulhu Stealer 

Cthulhu Stealer highlights the fact that no operating system is completely safe from cyber threats. It targets users by posing as legitimate applications, such as CleanMyMac and Adobe GenP. It even pretends to be an early release of “Grand Theft Auto VI” to lure users into downloading it. 

How Does Cthulhu Stealer Work? 

When a user downloads and mounts the malicious DMG file, they are prompted to enter their system and MetaMask passwords. This is the first step in the malware’s strategy to steal sensitive information. After the user enters their credentials, the malware uses a macOS tool called osascript to extract passwords from the system’s Keychain. 

Once it has the passwords, the malware collects data from various crypto wallets and other sources. It compiles this information into a zip file, named with the user’s country code and the time of the attack, and sends it to a command and control (C2) server, where the attackers can work with the stolen data at their leisure.
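The two behaviours described above, an osascript-driven password prompt followed by a zip archive staged for exfiltration, are exactly the kind of sequence a defender can hunt for in process-execution telemetry. The script below is an added example written for this article, not code from the article, from the malware, or from any security vendor. The log format, the host names, the parent process name "SuspiciousApp" and all sample records are constructed for the demonstration; the assumption that the prompt is produced with an AppleScript "display dialog ... with hidden answer" and the assumed shape of the archive name (two-letter country code plus a date and time stamp) are both labelled in the code and should be adjusted to match what your own EDR or unified-log export actually records.

```python
"""Hunt for a stealer-style chain in process-execution records.

Added example, not from the article. Rules:
  1. osascript showing a hidden-input dialog whose text mentions a
     password, Keychain or wallet -> "credential_prompt".
  2. zip/ditto writing an archive named <CC>_<date>_<time>.zip -> "staging_archive".
  3. A credential prompt followed within `window` by a staging archive,
     from the same parent process on the same host -> "stealer_chain" (high).
"""
import json
import re
from datetime import datetime, timedelta

# Constructed sample telemetry: one JSON record per line, similar in spirit
# to an EDR process-event export. Host names, users and the parent process
# name "SuspiciousApp" are invented for this example.
SAMPLE_EVENTS = r"""
{"ts":"2024-08-22T10:01:12Z","host":"mac-01","process":"osascript","parent":"SuspiciousApp","cmdline":"osascript -e 'display dialog \"Enter your system password to continue\" default answer \"\" with hidden answer'","user":"alice"}
{"ts":"2024-08-22T10:01:30Z","host":"mac-01","process":"osascript","parent":"SuspiciousApp","cmdline":"osascript -e 'display dialog \"Enter your MetaMask password\" default answer \"\" with hidden answer'","user":"alice"}
{"ts":"2024-08-22T10:02:05Z","host":"mac-01","process":"zip","parent":"SuspiciousApp","cmdline":"zip -r /tmp/US_2024-08-22_10-02.zip /tmp/collect","user":"alice"}
{"ts":"2024-08-22T10:05:00Z","host":"mac-02","process":"osascript","parent":"Script Editor","cmdline":"osascript /Users/bob/rename_photos.scpt","user":"bob"}
{"ts":"2024-08-22T10:06:00Z","host":"mac-02","process":"zip","parent":"Terminal","cmdline":"zip -r backup.zip Documents","user":"bob"}
"""

# Assumption: the password prompt is an AppleScript dialog with hidden input.
CRED_PROMPT = re.compile(r"display dialog.*with hidden answer", re.IGNORECASE)
SENSITIVE_WORDS = ("password", "keychain", "metamask", "wallet")
# Assumed shape of the staging archive name (country code + date/time);
# the article gives the naming idea but not the exact format.
STAGING_ZIP = re.compile(
    r"\b[A-Z]{2}_\d{4}-\d{2}-\d{2}[_T-]\d{2}[-:]\d{2}(?:[-:]\d{2})?\.zip\b"
)


def parse_events(text):
    """Parse one JSON record per line into dicts with a timezone-aware ts."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return events


def classify(ev):
    """Tag a single event, or return None when it looks benign."""
    cmd = ev["cmdline"]
    if ev["process"] == "osascript" and CRED_PROMPT.search(cmd):
        if any(word in cmd.lower() for word in SENSITIVE_WORDS):
            return "credential_prompt"
        return "hidden_input_dialog"  # worth a look, but not credential-themed
    if ev["process"] in ("zip", "ditto") and STAGING_ZIP.search(cmd):
        return "staging_archive"
    return None


def detect(text, window=timedelta(minutes=10)):
    """Return a list of findings; per-event tags are 'medium', the
    correlated prompt-then-archive chain is 'high'."""
    tagged = [(ev, classify(ev)) for ev in parse_events(text)]
    findings = [
        {"host": ev["host"], "ts": ev["ts"].isoformat(), "tag": tag,
         "parent": ev["parent"], "severity": "medium"}
        for ev, tag in tagged if tag
    ]
    prompts = [ev for ev, tag in tagged if tag == "credential_prompt"]
    archives = [ev for ev, tag in tagged if tag == "staging_archive"]
    for a in archives:
        # Same host and parent, archive created after the prompt, inside the window.
        if any((p["host"], p["parent"]) == (a["host"], a["parent"])
               and timedelta(0) <= a["ts"] - p["ts"] <= window
               for p in prompts):
            findings.append({"host": a["host"], "ts": a["ts"].isoformat(),
                             "tag": "stealer_chain", "parent": a["parent"],
                             "severity": "high"})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"[{f['severity']:6}] {f['ts']} {f['host']} {f['parent']}: {f['tag']}")
```

On the constructed sample the two dialogs and the archive on mac-01 are each tagged individually, and because all three share a parent process and fall within a few minutes of each other the chain rule promotes them to a single high-severity finding; the legitimate osascript and zip usage on mac-02 produces nothing. In practice the correlation step is what keeps the noise down, since osascript dialogs and zip invocations are individually common on developer machines.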

What Data Does Cthulhu Stealer Target? 

Cthulhu Stealer goes after a wide range of data. Here’s a list of the types of information it steals: 

  • Crypto Wallets: MetaMask, Coinbase, Binance, Wasabi, Daedalus, Electrum, Atomic, Harmony, Enjin, Hoo, Dapper, Coinomi, Trust, Blockchain, XDeFi 
  • Browser Extensions and Cookies: Chrome extension wallets, Firefox cookies 
  • Other Platforms: Minecraft user information, Battlenet game data, Telegram Tdata account information 
  • System Information: IP address, system name, OS version 
  • Password Storage: Keychain passwords, SafeStorage passwords 

Scammers Charge a Fee for Cthulhu Stealer 

The creators of Cthulhu Stealer charge a monthly fee of $500 for access to this malicious software. They use various tactics to get users to install the malware. On social media, for example, scammers may pose as employers offering jobs that require downloading software to track working hours. They create a sense of urgency, pressuring the victim to download the application immediately. 

Who is Behind Cthulhu Stealer? 

The group responsible for this malware is known as the Cthulhu Team. They manage their operations through Telegram, where they coordinate with affiliates and developers. 

How to Protect Yourself from Malware Attacks 

To avoid falling victim to malware like Cthulhu Stealer, it is important to take several precautions: 

  1. Install Reliable Antivirus Software: Make sure to use antivirus software specifically designed for macOS. 
  2. Be Wary of Job Offers: Be cautious of employment opportunities that require downloading software immediately. 
  3. Keep Your Software Updated: Regular software updates can help protect against malware infections.  

By following these steps, you can significantly reduce the risk of becoming a victim of cyber threats on macOS. Remember, no system is completely secure, so always be vigilant and cautious when downloading software or sharing sensitive information online. 

Remember, investing in cryptocurrencies involves risks, and it’s important to conduct thorough research and seek professional advice before making any financial decisions. (Please keep in mind that this post is solely for informative purposes and should not be construed as financial or investment advice.)