Sunday, 14 September 2025
31.9 C
Singapore
34.2 C
Thailand
27.8 C
Indonesia
28.4 C
Philippines

A new Mac malware threat targets sensitive data

A new Mac malware threat, Cthulhu Stealer, disguises itself as software that targets sensitive data like passwords and crypto wallets.

A recently discovered malware, dubbed “Cthulhu Stealer,” is targeting macOS users by attempting to steal sensitive data, including passwords and cryptocurrency wallets. Cado Security reported this new threat, which disguises itself as legitimate software, making it especially dangerous.

How Cthulhu Stealer operates

Cado Security has provided details on how this malware works. The Cthulhu Stealer arrives as an Apple disk image (.dmg) containing two binaries tailored for different system architectures. Written in Golang, the malware presents itself as genuine software. When users mount the .dmg file, they are prompted to open the software. Once the file is opened, the malware leverages osascript, macOS’s command-line tool for running AppleScript and JavaScript, to prompt the user to enter their password.

Following this initial deception, the malware presents a second prompt asking for the user’s MetaMask password, a tactic seen in other similar malware like Cuckoo, Atomic Stealer, and Banshee Stealer. However, Cthulhu Stealer takes things a step further by gathering system data and attempting to erase users’ iCloud Keychain passwords through a tool called Chainbreaker.

The disguise that makes it dangerous

Cthulhu Stealer’s ability to masquerade as a well-known software application is particularly concerning. By exploiting Apple’s disk image files, it can appear in popular programs like AdobeGenP, CleanMyMac, and even Grand Theft Auto IV. The AdobeGenP application, for instance, is known to allow users to bypass entering a serial key or paying for a Creative Cloud subscription, making it an attractive target for unsuspecting users.

Once Cthulhu Stealer has infiltrated your system, it collects a wide range of data, including Telegram account information and web browser cookies. This data is then compressed into a ZIP archive and sent to a command-and-control (C2) server where the attackers operate. Interestingly, the malware shares some features with Atomic Stealer, including similar spelling errors, suggesting that the developer might have reused code with slight modifications.

Staying safe in a rising-threat landscape

To protect yourself from this growing threat, you must be vigilant about where you download your software. Stick to reputable sources and ensure your Mac always runs the latest macOS version. Adding a legitimate antivirus program for Macs is also a wise precaution.

Apple is aware of the increasing threat of Mac malware and has responded by implementing crucial security updates. With the release of macOS Sequoia, Apple has removed the ability to override Gatekeeper by Control-clicking on software that isn’t properly signed or notarized. To further secure your system, you’ll need to go to System Settings > Privacy & Security to check the security information of any software before running it.

Hot this week

80% of Singaporeans use AI daily but few trust it for finance or mental health, survey finds

A Milieu Insight survey shows 80% of Singaporeans use AI daily but few trust it for financial or mental health advice.

Microsoft removes publishing fees for Windows app developers

Microsoft removes publishing fees for Windows app developers, making it free to publish apps worldwide and encouraging broader innovation.

Garmin unveils new Edge cycling computers and Rally power meters

Garmin launches Edge 550 and 850 cycling computers and Rally 110 and 210 power meters, offering advanced training, safety and performance tools.

FutureChina Global Forum 2025 to address global challenges and opportunities

The FutureChina Global Forum 2025 will convene leaders in Singapore to discuss geopolitics, economics, technology, and Singapore-China ties.

Google AI Mode may soon become the default search experience

Google hints its AI Mode could soon become the default search experience, sparking debate over its impact on SEO and user behaviour.

Asus unveils US$4,000 ProArt P16 with 4K tandem OLED and RTX 5090

Asus launches its ProArt P16 laptop with a 4K tandem OLED, RTX 5090 GPU, and creator-focused features, priced from US$1,999.

Lenovo unveils Legion Go 2 handheld with OLED display and higher price tag

Lenovo launches the Legion Go 2 handheld with an OLED display, upgraded specs and a higher starting price of €999 at IFA 2025.

Samsung could launch two Galaxy Z Fold8 models in 2026

Samsung may release two Galaxy Z Fold8 models in 2026, including one with a square-like screen, alongside the Galaxy Z Flip8.

Apple brings new health features to older Watch models

Apple adds hypertension notifications and Sleep Score to older Watch models with watchOS 26, expanding health tools beyond its newest devices.

Related Articles

Popular Categories