Apple Mac users have been warned about a new type of malicious software called "Cthulhu Stealer" that can steal users' personal information and target crypto wallets.
A few days ago, cyber security company Cado Security said: "For years, it was widely believed that macOS systems were immune to malicious software. While macOS has a reputation for security, malicious software has been on the rise in recent years."
"Cthulhu Stealer" is understood to appear as an Apple Disk Image (DMG) disguised as legitimate software such as CleanMyMac and Adobe GenP. When the user opens the file, the macOS command-line tool used to run AppleScript and JavaScript prompts the user for a password.
Once it is entered, a second prompt asks for the password to the Ethereum wallet MetaMask. The malware also targets other popular crypto wallets, including those from Coinbase, Wasabi, Electrum, Atomic, Binance, and Blockchain Wallet.
The malicious software stores the stolen data in a text file and then fingerprints the victim's system to collect data such as the IP address and operating system version.
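One way to hunt for the password prompt described above, as an added example that is not from the article or from Cado Security: the macOS tool that runs AppleScript and JavaScript is osascript, and this check flags osascript dialogs that request hidden input, raising severity when an ancestor process runs from a mounted disk image under /Volumes/. The event field names, the sample events and the severity labels are assumptions constructed for illustration.

```python
# Added detection example. Event schema (pid, ppid, path, argv) is hypothetical;
# map it to whatever your endpoint telemetry actually records.

# Constructed sample process-execution events (not taken from the article).
PROMPT = 'display dialog "Enter your password" default answer "" with hidden answer'
EVENTS = [
    {"pid": 100, "ppid": 1, "argv": ["Installer"],
     "path": "/Volumes/Installer/Installer.app/Contents/MacOS/Installer"},
    {"pid": 101, "ppid": 100, "path": "/usr/bin/osascript",
     "argv": ["osascript", "-e", PROMPT]},
    {"pid": 200, "ppid": 1, "argv": ["Notes"],
     "path": "/Applications/Notes.app/Contents/MacOS/Notes"},
    {"pid": 201, "ppid": 200, "path": "/usr/bin/osascript",
     "argv": ["osascript", "-e", 'display notification "Sync done"']},
    {"pid": 300, "ppid": 1, "argv": ["Tool"],
     "path": "/Applications/Tool.app/Contents/MacOS/Tool"},
    {"pid": 301, "ppid": 300, "path": "/usr/bin/osascript",
     "argv": ["osascript", "-e", PROMPT]},
]

def ancestors(pid, by_pid):
    """Yield recorded ancestor events, stopping at unknown pids or loops."""
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        yield by_pid[pid]
        pid = by_pid[pid]["ppid"]

def is_password_prompt(event):
    """True for an osascript run whose script shows a masked-input dialog."""
    if not event["path"].endswith("/osascript"):
        return False
    script = " ".join(event["argv"][1:]).lower()
    return "display dialog" in script and "hidden answer" in script

def find_suspicious_prompts(events):
    """Return one finding per masked osascript prompt, graded by its origin."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for event in events:
        if not is_password_prompt(event):
            continue
        # Disk images mount under /Volumes/ (so do external drives, so this
        # raises priority rather than proving the app came from a DMG).
        from_volume = any(a["path"].startswith("/Volumes/")
                          for a in ancestors(event["ppid"], by_pid))
        findings.append({"pid": event["pid"], "from_volume": from_volume,
                         "severity": "high" if from_volume else "medium"})
    return findings
```

Legitimate installers occasionally use the same dialog, so findings are leads for review, not verdicts.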
"The main function of Cthulhu Stealer is to steal credentials and cryptocurrency wallets from various stores, including gaming accounts," explains Cado researcher Tara Gould. However, the fraudsters behind the malicious software are no longer active.