macOS malware steals passwords and data by posing as popular apps

A new type of malware has been discovered that targets macOS users. Dubbed “Cthulhu Stealer,” this malware disguises itself as legitimate software and can steal sensitive information like passwords and personal data.

The malware is sold as a service for $500 per month and is designed to trick users into installing it by posing as popular apps such as CleanMyMac, Grand Theft Auto IV, or Adobe GenP. Once installed, it runs on both Intel and Apple Silicon Macs, adapting to whichever architecture it detects.

When a user tries to open the fake app, macOS’s Gatekeeper feature warns that the software is unsigned. If the user chooses to bypass these protections and let the app run, they will be prompted to enter their system password, followed by a second prompt for the MetaMask cryptocurrency wallet. Once it has the necessary permissions, Cthulhu Stealer can siphon a wide range of sensitive data, including saved passwords from iCloud Keychain, web browser cookies, and Telegram account information.

To stay safe from Mac malware like Cthulhu Stealer, users should be careful about the apps they download and verify that the source they are downloading from is genuinely who it claims to be. Additionally, consider using antivirus software in tandem with XProtect, Apple's built-in antivirus tool. Paid antivirus software is updated more regularly and often includes a VPN or password manager to help users stay safe online.
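One way to act on that advice before overriding a Gatekeeper warning is to check the downloaded bundle yourself. This added shell example is not from the article; it assumes macOS with the stock codesign, spctl and xattr tools, and the app path is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not from the article): assess a downloaded .app the way
# Gatekeeper would, before deciding whether to override its warning.
# Assumes macOS with the stock codesign, spctl and xattr tools.

# Return 0 only when the bundle exists, carries a valid signature and is
# accepted by Gatekeeper policy; 1 on rejection, 2 if the path is not a bundle.
assess_app() {
    app="$1"
    [ -d "$app" ] || { echo "not an app bundle: $app" >&2; return 2; }

    # The quarantine flag is set on anything a browser downloads; its presence
    # is what triggers the Gatekeeper check on first launch.
    if xattr -p com.apple.quarantine "$app" >/dev/null 2>&1; then
        echo "quarantine flag present: Gatekeeper will evaluate this app"
    fi

    # Verify the seal and every nested component. Unsigned or tampered bundles
    # (the Cthulhu Stealer lures are unsigned) fail here.
    if ! codesign --verify --deep --strict --verbose=2 "$app" 2>&1; then
        echo "REJECT: signature missing or invalid" >&2
        return 1
    fi

    # Show who signed it, so the Developer ID and team can be compared with the
    # vendor the app claims to come from.
    codesign -dvv "$app" 2>&1 | grep -E '^(Authority|TeamIdentifier)=' || true

    # Ask the same policy engine Gatekeeper uses whether execution is allowed.
    if ! spctl --assess --type execute --verbose "$app" 2>&1; then
        echo "REJECT: Gatekeeper policy does not accept this app" >&2
        return 1
    fi
    echo "ACCEPT: $app is signed, notarized and accepted by Gatekeeper"
    return 0
}

# Usage: ./assess_app.sh /path/to/Downloaded.app (constructed placeholder path)
if [ $# -gt 0 ]; then
    assess_app "$1"
fi
```

A result of ACCEPT is not proof that an app is benign, only that it is signed and accepted by Gatekeeper policy; the Authority and TeamIdentifier lines still have to match the vendor you expect.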

Apple is also working on making it harder to bypass Gatekeeper protections with the upcoming macOS Sequoia update, which is expected to roll out in mid-September. This will require users to go through System Settings to allow unsigned software to run, rather than being able to override Gatekeeper warnings by Control-clicking.

Source: https://www.tomsguide.com/computing/malware-adware/new-macos-malware-poses-as-legitimate-apps-to-steal-passwords-crypto-wallets-and-more-how-to-stay-safe