Cybersecurity researchers have uncovered a new information-stealing malware that targets Apple macOS hosts and harvests a range of data, demonstrating the increasing attention that threat actors are devoting to the operating system.
The malware, known as Cthulhu Stealer, has been offered as malware-as-a-service (MaaS) since late 2023 for $500 per month and targets both the Arm and x86_64 architectures. "Cthulhu Stealer is an Apple disk image (DMG) that is bundled with two binaries, depending on the architecture," said Tara Gould, a researcher at Cato Security. "The malware is written in Golang and disguises itself as legitimate software."
It poses as a number of different software applications, such as CleanMyMac, Grand Theft Auto IV, and Adobe GenP, an open-source utility that patches Adobe applications to disable the Creative Cloud service and run them without a serial key. If the user chooses to launch the unsigned file and explicitly allows it to run, thereby bypassing Gatekeeper, the malware uses an osascript-based technique, also seen in Atomic Stealer, Cuckoo, MacStealer, and Banshee Stealer, to prompt the user for their system password.
The primary purpose of Cthulhu Stealer, according to Gould, is to steal cryptocurrency wallets and login credentials from a variety of sources, including game accounts. Because Cthulhu Stealer's features and functionality are so similar to Atomic Stealer's, it is likely that Atomic Stealer's code was taken and modified by Cthulhu Stealer's developer. "Both Atomic Stealer and Cthulhu employ osascript to ask the user for their password; in fact, they even use the same spelling errors," Gould said. The main developer of the malware has been permanently banned from the cybercrime marketplace that was used to advertise the stealer, reportedly over payment disputes that led affiliates to accuse the operators of an exit scam. As a result, the threat actors behind the malware are believed to be no longer operating.
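The osascript password prompt described above is also the most practical place to detect this family from the endpoint side. The following is an added example, not code from the article or from Cato Security: it scans process-execution events for osascript invocations that open a hidden-answer dialog (a password-style prompt) and raises the severity when the parent binary was launched from a mounted disk image or a download location. The event format and field names are assumptions, and the sample events are constructed.

```python
import os
import re

# Constructed process-execution events, shaped like what an EDR or the
# macOS Endpoint Security framework might report (field names are assumed).
SAMPLE_EVENTS = [
    {"pid": 4101, "parent": "/Volumes/CleanMyMac/CleanMyMac", "exe": "/usr/bin/osascript",
     "cmdline": 'osascript -e \'display dialog "Constructed lure text" default answer "" '
                'with hidden answer with title "System Preferences"\''},
    {"pid": 4102, "parent": "/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal",
     "exe": "/usr/bin/osascript",
     "cmdline": "osascript -e 'tell application \"Finder\" to empty trash'"},
    {"pid": 4103, "parent": "/Applications/Safari.app/Contents/MacOS/Safari", "exe": "/usr/bin/open",
     "cmdline": "open /Users/alice/Downloads/example.dmg"},
]

# AppleScript's "with hidden answer" masks the typed text, which is what
# turns a generic dialog into a credential prompt.
HIDDEN_ANSWER = re.compile(r"display\s+dialog\b.*\bwith\s+hidden\s+answer\b",
                           re.IGNORECASE | re.DOTALL)
# Parent binaries executing from these paths are typical of a freshly mounted
# DMG or a just-downloaded file rather than an installed application.
SUSPICIOUS_PARENT_DIRS = ("/Volumes/", "/private/tmp/", "/tmp/", "/Downloads/")


def score_event(ev):
    """Return (severity, reasons) for one event; severity 0 means no finding."""
    reasons = []
    if os.path.basename(ev.get("exe", "")) != "osascript":
        return 0, reasons
    if not HIDDEN_ANSWER.search(ev.get("cmdline", "")):
        return 0, reasons
    reasons.append("osascript 'display dialog ... with hidden answer' (password-style prompt)")
    severity = 2
    parent = ev.get("parent", "")
    if any(d in parent for d in SUSPICIOUS_PARENT_DIRS):
        reasons.append(f"parent process runs from {parent}")
        severity = 3
    return severity, reasons


def find_credential_prompts(events):
    """Return findings for every event that looks like an osascript credential prompt."""
    findings = []
    for ev in events:
        severity, reasons = score_event(ev)
        if severity:
            findings.append({"pid": ev["pid"], "severity": severity, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_credential_prompts(SAMPLE_EVENTS):
        print(f"pid {f['pid']} severity {f['severity']}: " + "; ".join(f["reasons"]))
```

Legitimate tooling does occasionally use hidden-answer dialogs, so the parent-path escalation, not the dialog alone, is what should drive an alert.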
Cthulhu Stealer is not particularly sophisticated, and it has no anti-analysis techniques that would help it operate covertly. It also lacks any distinctive feature that sets it apart from other underground offerings of a similar nature. Although there are not as many threats to macOS as there are to Windows and Linux, users are nevertheless advised to keep their computers updated with the most recent security patches, avoid downloading untrusted apps, and obtain software only from reputable sources. Apple has taken note of the rise in macOS malware: earlier this month it announced a change in the next version of the operating system that adds friction when launching software that is not properly signed or notarized.
Users opening software that isn’t properly signed or notarized will no longer be able to control-click to bypass Gatekeeper in macOS Sequoia, according to Apple. “They’ll need to visit System Settings > Privacy & Security to review security information for software before allowing it to run.”
CIO News is owned by Mercadeo Multiventures Pvt Ltd.