EddieJayonCrypto

 26 Aug 24

tl;dr

A new malware-as-a-service (MaaS) called "Cthulhu Stealer" has been discovered, debunking the belief that macOS systems are impervious to malware. This malware targets macOS users through deceptive means, disguising itself as legitimate applications and stealing sensitive information, including crypto wallet details and system information. Scammers charge $500/month for Cthulhu Stealer and use various strategies, such as posing as employers on social media, to trap victims into installing the malware. To protect themselves, users are advised to install reputable antivirus software and be cautious of immediate software downloads for employment opportunities. Regular software updates can also help reduce the risk of malware infections.


Cado Security’s discovery has thoroughly debunked the belief that macOS systems are impervious to malware. This revelation concerns a new malware-as-a-service (MaaS) called “Cthulhu Stealer,” which targets macOS users through deceptive means. The rise of Cthulhu Stealer indicates that no system is completely secure against cyber threats.


HOW THE MALWARE STEALS MAC USERS’ CRYPTO

Cthulhu Stealer disguises itself as legitimate applications such as CleanMyMac and Adobe GenP, and as software claiming to be an early release of “Grand Theft Auto VI.” Once the user mounts the malicious DMG file, they are prompted to enter their system password and their MetaMask password. This initial deception is just the beginning.


Once the credentials are entered, the malware uses osascript, a macOS command-line tool for running AppleScript, to extract passwords from the system’s Keychain. This data, including details from crypto wallets like MetaMask, Coinbase, and Binance, is compiled into a zip archive. The archive, which is named using the user’s country code and the time of the attack, contains the stolen information. Cthulhu Stealer also steals data from other platforms, including:

  • Chrome extension wallets
  • Minecraft user information
  • Wasabi wallet
  • Keychain passwords
  • SafeStorage passwords
  • Battlenet game, cache, and log data
  • Firefox cookies
  • Daedalus wallet
  • Electrum wallet
  • Atomic wallet
  • Harmony wallet
  • Enjin wallet
  • Hoo wallet
  • Dapper wallet
  • Coinomi wallet
  • Trust wallet
  • Blockchain wallet
  • XDeFi wallet
  • Browser cookies
  • Telegram Tdata account information

Moreover, Cthulhu Stealer collects detailed system information such as IP address, system name, and OS version. It then sends this data to a command and control (C2) server, enabling the attackers to refine their strategies.
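
For defenders, the password-prompt step described above (an app launched from a mounted DMG driving osascript) can be hunted in process telemetry. The sketch below is an added example, not code from Cado Security or the original article; the event schema, field names and sample events are constructed, and it assumes the prompt is an AppleScript `display dialog ... with hidden answer`, which the article does not state.

```python
import os
import re

# AppleScript dialog whose typed answer is masked, i.e. a password-style prompt.
HIDDEN_PROMPT = re.compile(r"display\s+dialog\b.*\bhidden\s+answer\b", re.I | re.S)

def classify(event):
    """Return 'high', 'medium' or None for one process-execution event."""
    if os.path.basename(event["path"]) != "osascript":
        return None
    script = " ".join(event.get("args", []))
    if not HIDDEN_PROMPT.search(script):
        return None
    # Mounted disk images (and other external volumes) appear under /Volumes/,
    # so a parent running from there was not started from an installed app.
    from_dmg = event.get("parent_path", "").startswith("/Volumes/")
    return "high" if from_dmg else "medium"

def triage(events):
    """Return (pid, severity) for every event that matched."""
    hits = []
    for event in events:
        severity = classify(event)
        if severity:
            hits.append((event["pid"], severity))
    return hits

PROMPT = 'display dialog "Enter your password" default answer "" with hidden answer'

# Constructed sample events; the schema and all names are hypothetical.
SAMPLE_EVENTS = [
    {"pid": 501, "path": "/usr/bin/osascript",
     "parent_path": "/Volumes/Example/Example.app/Contents/MacOS/Example",
     "args": ["osascript", "-e", PROMPT]},
    {"pid": 502, "path": "/usr/bin/osascript",
     "parent_path": "/Applications/Notes Helper.app/Contents/MacOS/helper",
     "args": ["osascript", "-e", 'display notification "Sync finished"']},
    {"pid": 503, "path": "/usr/bin/osascript",
     "parent_path": "/usr/local/bin/enroll.sh",
     "args": ["osascript", "-e", PROMPT]},
    {"pid": 504, "path": "/usr/bin/zip",
     "parent_path": "/Volumes/Example/Example.app/Contents/MacOS/Example",
     "args": ["zip", "-r", "out.zip", "data"]},
]

if __name__ == "__main__":
    for pid, severity in triage(SAMPLE_EVENTS):
        print(pid, severity)
```

The "medium" tier exists because some legitimate management scripts also ask for a password through osascript; those parents are candidates for an allow-list rather than an alert.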


SCAMMERS CHARGE $500/MONTH FOR CTHULHU STEALER

Scammers use various strategies to trap the victims into installing the malware. For example, on social media, some scammers pose as employers who offer jobs that require downloading software to track working hours. These offers come with a sense of urgency, pushing the potential victim to download the application quickly.


The developers and affiliates behind Cthulhu Stealer, known as the Cthulhu Team, use Telegram to manage their operations. Cado Security informed readers that, “The stealer appears to be being rented out to individuals for $500/month, with the main developer paying out a percentage of earnings to affiliates based on their deployment. Each affiliate of the stealer is responsible for the deployment of the malware.”


To protect themselves, users should install reputable antivirus software that is specifically designed for macOS. They should also be cautious of employment opportunities that require immediate software downloads. Regular software updates can further reduce the risk of malware infections.

Disclaimer

The opinions expressed by the writers at Grow My Bag are their own and do not reflect the official stance of Grow My Bag. The content provided on our site is not intended as investment advice, and Grow My Bag is not an investment advisor. We do not endorse buying or selling any cryptocurrencies or digital assets mentioned in our articles. High-risk investments in Bitcoin, cryptocurrencies, and digital assets require thorough due diligence, and all transfers and trades made are at your own risk. Grow My Bag is not responsible for any potential losses and participates in affiliate marketing.