TLDR:
- Cthulhu Stealer, a data-stealing malware that targets macOS users, is available for rent at $500/month.
- The malware is distributed as an Apple disk image and uses osascript to prompt users for passwords, targeting sensitive data like cryptocurrency wallets and game accounts.

In recent years, macOS systems have been increasingly targeted by malware, challenging the belief that they are immune. Cthulhu Stealer, a malware-as-a-service (MaaS) offering, is the latest threat identified by Cado Security and is available for rent at $500 per month. The malware is distributed as an Apple disk image, is written in Go, and masquerades as legitimate software. Upon installation, it prompts users for passwords using osascript and targets sensitive data such as cryptocurrency wallets, game accounts, and browser cookies. The malware then sends the stolen data to a command-and-control server. It impersonates popular software to evade detection.

Cthulhu Stealer is similar to the Atomic Stealer malware. It is operated by the “Cthulhu Team,” who rent it out through Telegram for financial gain. Affiliates share earnings based on successful deployment, but complaints of non-payment have led to bans from marketplace operators. To protect against such threats, macOS users are advised to download software only from trusted sources, enable built-in security features like Gatekeeper, keep systems updated with security patches, and use reputable antivirus software for added protection. Vigilance and proactive measures are essential in safeguarding macOS systems from evolving threats like Cthulhu Stealer.
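
For defenders, the osascript password prompt and the disk-image delivery described above can be turned into a process-telemetry check. The following is an added example, not code from Cado Security or from any product: the event schema (`exe`, `args`, `parent_exe`), the sample events and the scoring threshold are all assumptions constructed for illustration.

```python
import json
import re

# Constructed sample process events, one JSON object per line (hypothetical schema).
SAMPLE_EVENTS = r'''
{"pid": 811, "exe": "/usr/bin/osascript", "args": ["osascript", "-e", "display dialog \"Enter your password to continue\" default answer \"\" with hidden answer"], "parent_exe": "/Volumes/Installer/Installer.app/Contents/MacOS/Installer"}
{"pid": 902, "exe": "/usr/bin/osascript", "args": ["osascript", "-e", "display notification \"Backup finished\""], "parent_exe": "/Applications/Backup.app/Contents/MacOS/Backup"}
{"pid": 950, "exe": "/usr/bin/osascript", "args": ["osascript", "-e", "display dialog \"Password:\" default answer \"\" with hidden answer"], "parent_exe": "/Applications/Tool.app/Contents/MacOS/Tool"}
{"pid": 977, "exe": "/bin/zsh", "args": ["zsh", "-c", "ls /Volumes"], "parent_exe": "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal"}
'''

# AppleScript "display dialog ... with hidden answer" masks typed input like a password field.
HIDDEN_PROMPT = re.compile(r"display\s+dialog\b.*\bhidden\s+answer\b", re.I | re.S)

def score_event(ev):
    """Return (score, reasons) for one process event; 0 if it is not osascript."""
    if not ev.get("exe", "").endswith("/osascript"):
        return 0, []
    script = " ".join(ev.get("args", [])[1:])
    reasons = []
    if HIDDEN_PROMPT.search(script):
        reasons.append("osascript dialog with hidden answer")
    if re.search(r"password", script, re.I):
        reasons.append("dialog text mentions a password")
    if ev.get("parent_exe", "").startswith("/Volumes/"):
        reasons.append("parent runs from a mounted volume such as a disk image")
    return len(reasons), reasons

def detect(lines, threshold=2):
    """Return (pid, score, reasons) for events scoring at or above threshold."""
    hits = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append((ev["pid"], score, reasons))
    return hits

if __name__ == "__main__":
    for pid, score, reasons in detect(SAMPLE_EVENTS):
        print(pid, score, "; ".join(reasons))
```

Legitimate admin tooling also uses hidden-answer dialogs, so the parent-path signal is what separates the highest-scoring event from the rest; raise the threshold to 3 to alert only on that combination.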