Cado Security has recently issued a warning to Apple Mac users about a new malware variant called “Cthulhu Stealer.” This malicious software is designed to steal personal information and target cryptocurrency wallets. While macOS is known for its security, the threat of macOS malware has been increasing in recent years. The Cthulhu Stealer malware disguises itself as legitimate software, such as CleanMyMac or Adobe GenP, and comes in the form of an Apple disk image (DMG). Once users download and open the file, they are prompted to enter their password, allowing the malware access to their system.
The malware specifically targets popular cryptocurrency wallets, including MetaMask, Coinbase, Wasabi, Electrum, Atomic, Binance, and Blockchain Wallet. Once it gains access, it stores stolen data in text files and collects information like IP addresses and operating system versions from the victim’s system. Cthulhu Stealer’s primary function is to steal credentials and cryptocurrency wallets, as well as game accounts. Tara Gould, a researcher at Cado Security, noted that the malware is similar to Atomic Stealer, which was discovered in 2023 targeting Apple computers. It is believed that the developers behind Cthulhu Stealer modified the code of Atomic Stealer to create this new strain.
The Cthulhu Stealer malware has been rented out to affiliates for $500 per month through the Telegram messaging platform, with profits shared among the developers. However, conflicts over payments have reportedly caused the main scammers to vanish, leading to allegations of an exit scam. In response to the rise of threats like Cthulhu Stealer and the AMOS malware, Apple has updated macOS to enhance Gatekeeper protections, ensuring that only trusted applications can be run on the system. These security measures aim to protect users from falling victim to malicious software.
In a separate incident, a Florida resident named Maria Vaca has filed a lawsuit against Google, claiming that the tech giant’s negligence resulted in her losing over $5 million. Vaca alleges that she was deceived by a crypto investment app called Yobit Pro, which she downloaded from the Google Play Store. Google recently sued two developers for creating 87 fraudulent apps that scammed over 100,000 users, but Yobit Pro was not mentioned in the lawsuit. The lawsuit against Google highlights the dangers of fraudulent apps on app stores that lure users with promises of high returns but ultimately defraud them of their funds.
Google has taken steps to combat such scams by introducing a feature that allows users to check the balances of wallets on various blockchains like Bitcoin, Arbitrum, Avalanche, Optimism, Polygon, and Fantom. This feature aims to provide users with more transparency and protection against potential scams. The lawsuit filed by Maria Vaca and the actions taken by Google underscore the importance of vigilance when downloading apps, especially those related to cryptocurrency investments. Users must exercise caution and conduct thorough research before trusting any platform with their personal information and financial assets.