A cloud investigation firm has identified a new malware-as-a-service (MaaS) that targets macOS users and masquerades as legitimate software to steal user credentials and cryptocurrency wallets.
According to Cado Security, the macOS malware dubbed “Cthulhu Stealer” is distributed as an Apple disk image (DMG) containing two binaries tailored for different architectures. Written in GoLang, it impersonates disk images of popular software, including CleanMyMac, Grand Theft Auto IV, and Adobe GenP.
The perception that macOS systems are immune to malware has persisted for years; however, recent trends indicate a rise in macOS malware, highlighted by threats like Silver Sparrow, KeRanger, and Atomic Stealer.
The operators of this malware previously communicated via Telegram and offered the malware for rent at $500 per month through early 2024.
Affiliates received a percentage of the earnings based on their deployment efforts.
After numerous affiliates lodged complaints against them regarding unpaid earnings, hacker marketplaces banned the team behind Cthulhu, which has since ceased activity.
The rise of macOS-targeted malware emphasizes the ongoing security risks for Apple users, who are urged to remain vigilant, download software only from trusted sources, and keep macOS’s built-in security features enabled.