Skip to main content

A new malware threat to macOS adds to the data-stealing surge

Mac password prompt.
Cado Security

If you still think Macs are inherently safe from malware, think again.

Mac users have another threat to worry about. Cthulhu Stealer, a new Mac malware threat, tries to steal sensitive data such as passwords and cryptocurrency wallets, Cado Security reports in a blog post. The malware threat disguises itself as authentic software to gather login credentials.

Recommended Videos

Cado Security describes how the malware functions: “Cthulhu Stealer is an Apple disk image (.dmg) that is bundled with two binaries, depending on the architecture. The malware is written in Golang and disguises itself as legitimate software. Once the user mounts the .dmg, the user is prompted to open the software. After opening the file, osascript, the macOS command-line tool for running AppleScript and JavaScript, is used to prompt the user for their password. ”

After this, users will see a second prompt to enter their MetaMask password. Cuckoo, Atomic Stealer, and Banshee Stealer also use this technique. However, the latest malware threat aims to gather system data and get rid of users’ iCloud Keychain passwords via a software named Chainbreaker.

Users must be cautious, as the new malware can masquerade as software apps such as AdobeGenP, CleanMyMac, and Grand Theft Auto IV by leveraging Apple disk images (DMG). You can use the AdobeGenP app without entering a serial key or paying for a Creative Cloud subscription.

Cthulhu Stealer takes data, including Telegram account information and web browser cookies, puts it into a ZIP archive file, and sends it to a command-and-control (C2) server — in other words, to the attackers. It also shares similarities with Atomic Stealer, having the same spelling mistakes and other functions and features, which indicates the developer used the same code and made some modifications.

Users can take precautions to stay safe, such as only downloading software from trustworthy sources and keeping their Macs running on the latest version. Downloading some legitimate Mac antivirius software isn’t a bad idea, either.

Apple is aware of the rise in Mac malware and has made essential security changes, saying, “In macOS Sequoia, users will no longer be able to Control-click to override Gatekeeper when opening software that isn’t signed correctly or notarized.” You’ll need to go to System Settings > Privacy & Security to analyze the security information for the software before you use it.

Judy Sanhz
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
I’d never use a Mac without first changing these 8 security settings
Security and Privacy settings open on a MacBook.

If you’ve got one of the best MacBooks or Macs, the chances are good that you do an awful lot of sensitive stuff on your computer. Think about all the passwords you enter, the emails you send and receive, and the documents you create -- all of those can provide a treasure trove of data to any sticky-fingered ne’er-do-wells who manage to gain access to your device.

To prevent the worst from happening, it’s a good idea to beef up your Mac security. The good news is that doing so is far easier than you might think, and there are a handful of macOS settings you can change right now to keep your Mac -- and all the information it holds about you -- safe from prying eyes.

Read more
I finally tried Apple Intelligence in macOS Sequoia to see if it lived up to the hype
The redeisgned Siri user interface in macOS Sequoia.

For the last few years, Apple’s macOS releases have been interesting, if not particularly exciting. But that’s all set to change this year with the launch of macOS Sequoia, and it’s all thanks to one feature: Apple Intelligence.

Apple’s artificial intelligence (AI) platform has the potential to completely change how you use your Mac on a daily basis. From generating images, rewriting emails, and summarizing your audio recordings to revamping Siri into a much more capable virtual assistant, Apple Intelligence could be the most significant new macOS feature in years.

Read more
This new threat proves that Macs aren’t immune from malware
A concept image of a hacker at work in a dark room.

Despite constant warnings, many Mac users have come to believe their computers are safe from malware attacks. A new threat targeting Mac users called Banshee Stealer, however, refutes that notion. As reported on by security firm Elastic Labs, Banshee Stealer targets popular browsers and crypto wallets and even attempts to steal data from iCloud Keychain passwords and Notes.

"Banshee Stealer targets a wide range of browsers, cryptocurrency wallets, and around 100 browser extensions, making it a highly versatile and dangerous threat," Elastic Security Labs said in a report on Thursday.

Read more