Cthulhu Stealer macOS Malware for Rent: $500/Month Data Theft

August 24, 2024

TLDR:

  • Cthulhu Stealer macOS malware is available for rent at $500/month to steal data, targeting macOS users.
  • The malware is distributed as an Apple disk image and uses osascript to prompt users for passwords, targeting sensitive data like cryptocurrency wallets and game accounts.

In recent years, macOS systems have been increasingly targeted by malware, challenging the belief that they are immune. Cthulhu Stealer, a malware-as-a-service (MaaS) offering, is the latest threat identified by Cado Security and is available for rent at $500 per month. The malware is distributed as an Apple disk image, is written in Go, and masquerades as legitimate software. Upon installation, it prompts users for passwords using osascript and targets sensitive data such as cryptocurrency wallets, game accounts, and browser cookies. It then sends the stolen data to a command-and-control server. It impersonates popular software to evade detection.

Cthulhu Stealer is similar to the Atomic Stealer malware. It is operated by the “Cthulhu Team,” who rent it out through Telegram for financial gain. Affiliates share earnings based on successful deployment, but complaints of non-payment have led to bans from marketplace operators. To protect against such threats, macOS users are advised to download software only from trusted sources, enable built-in security features like Gatekeeper, keep systems updated with security patches, and use reputable antivirus software for added protection. Vigilance and proactive measures are essential in safeguarding macOS systems from evolving threats like Cthulhu Stealer.
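One way to hunt for the osascript password prompt described above, as an added example that is not from the original article or from Cado Security's report. The event schema, the sample events and the "untrusted parent path" heuristic are assumptions made for illustration.

```python
import re

# Constructed process-execution events. The schema (pid, parent, exe, args) is
# hypothetical; map the fields to whatever your endpoint telemetry emits.
SAMPLE_EVENTS = [
    {"pid": 411, "parent": "/Volumes/Installer/Installer.app/Contents/MacOS/Installer",
     "exe": "/usr/bin/osascript",
     "args": ["osascript", "-e",
              'display dialog "Enter your password:" default answer "" with hidden answer']},
    {"pid": 512, "parent": "/bin/zsh", "exe": "/usr/bin/osascript",
     "args": ["osascript", "-e", 'display dialog "Backup finished" buttons {"OK"}']},
    {"pid": 620, "parent": "/Applications/Helper.app/Contents/MacOS/Helper",
     "exe": "/usr/bin/osascript",
     "args": ["osascript", "-e",
              'display dialog "Password:" default answer "" with hidden answer']},
    {"pid": 700, "parent": "/bin/zsh", "exe": "/bin/ls", "args": ["ls", "-la"]},
]

# AppleScript dialog that masks typed input, i.e. a password-style prompt.
HIDDEN_PROMPT = re.compile(r"display\s+dialog\b.*\bhidden\s+answer\b", re.I | re.S)
# Heuristic (assumption): parents running from a mounted disk image, the
# Downloads folder, or Gatekeeper's translocation directory were just downloaded.
UNTRUSTED_PARENT = re.compile(
    r"^(/Volumes/|/Users/[^/]+/Downloads/|/private/var/folders/.*/AppTranslocation/)")

def inline_script(event):
    """Join every AppleScript fragment passed inline with -e."""
    args = event.get("args", [])
    return "\n".join(args[i + 1] for i, a in enumerate(args[:-1]) if a == "-e")

def classify(event):
    """Return 'high', 'review', or None for a single event."""
    if not event.get("exe", "").endswith("/osascript"):
        return None
    # Limitation: scripts read from a file or stdin never appear in args.
    if not HIDDEN_PROMPT.search(inline_script(event)):
        return None
    return "high" if UNTRUSTED_PARENT.match(event.get("parent", "")) else "review"

def detect(events):
    """Return (pid, severity) for every event that matches."""
    return [(e["pid"], sev) for e in events if (sev := classify(e))]

if __name__ == "__main__":
    for pid, severity in detect(SAMPLE_EVENTS):
        print(f"pid={pid} severity={severity}")
```

Legitimate management tools sometimes show hidden-answer dialogs too, so the "review" tier is meant for triage rather than automatic blocking.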
