August 22, 2024 Cado Security recently exposed a new macOS-targeted malware known as “Cthulhu Stealer,” which operates as malware-as-a-service (MaaS). The malware is designed to steal a wide array of sensitive information, including passwords, cryptocurrency wallets, and browser data. It does so by tricking users into opening a malicious disk image (DMG) file, which then prompts them for credentials using the macOS command-line tool, osascript.

The malware collects and stores the stolen data in a specific directory, creating a zip file that is then sent to a command-and-control (C2) server. The Cthulhu Stealer has been compared to the Atomic Stealer, another macOS infostealer, due to similarities in their functionality and use of osascript. The Cthulhu Stealer was reportedly being sold on malware marketplaces for $500 a month, but complaints from affiliates about unpaid earnings led to the developer being banned from these platforms.

This case highlights the growing threat of malware on macOS, which has traditionally been seen as more secure than other operating systems. Users are advised to be cautious when downloading software, only using trusted sources like the Apple App Store or official developer websites. Additionally, enabling macOS’s built-in security features such as Gatekeeper, keeping systems updated, and using reputable antivirus software can provide extra layers of protection against such threats. This incident serves as a reminder that no system is entirely immune to cyber threats, and vigilance is crucial.