'Cthulhu Stealer' macOS Malware Can Steal Keychain Passwords, Web Browsing Info, Crypto Wallets, and More

Apple's Macs are less targeted by malware than Windows PCs, but that doesn't mean they are immune. Increasingly, insidious types of Mac malware are being developed that have researchers concerned enough to issue public warnings, and that's the case again today.

macos cthulu stealer malware
As reported by Hacker News, Cado Security has identified a malware-as-a-service (MaaS) targeting macOS users named "Cthulhu Stealer." First spotted in late 2023, the malicious software is designed to steal sensitive information from infected Macs, such as saved passwords from iCloud Keychain, information from web browsers, and even details from Telegram accounts.

What's particularly concerning is that it's being sold as a service on the dark web for $500 per month, potentially allowing multiple bad actors to use it against unsuspecting Mac owners.

Cato Security researcher Tara Gould reports that Cthulhu Stealer disguises itself as popular software to trick users into installing it. It might appear as CleanMyMac, Grand Theft Auto IV, or even Adobe GenP (a tool some users employ to bypass Adobe's subscription model). The malware comes packaged as a disk image (DMG) file.

If a user tries to open the fake app, macOS's built-in security feature, Gatekeeper, warns that the software is unsigned. But if a user chooses to bypass this warning, the malware immediately asks for the user's system password, mimicking a legitimate system prompt. This technique isn't new – other Mac malware like Atomic Stealer and MacStealer use similar tricks.

Once it has the necessary permissions, Cthulhu Stealer can access and steal a wide range of sensitive data. For crypto users, it specifically targets MetaMask digital wallet information. All of this stolen data is then sent to the attackers' servers.

Notably, reports suggest that whoever designed Cthulu Stealer is no longer active, apparently following disputes over payments and accusations of scamming their own customers, i.e. other cybercriminals who were using the malware.

While Cthulhu Stealer isn't the most sophisticated malware out there, it's still a significant threat to Mac users who might be tricked into installing it. General security pointers include only downloading software from trusted sources like the App Store or official developer websites, being wary of any app asking for your system password during installation, and keeping your Mac updated with the latest security patches from Apple.

In macOS Sequoia, expected to be released in mid-September, Apple plans to remove the ability to easily override Gatekeeper warnings by Control-clicking. Instead, users will need to go through System Settings to allow unsigned software to run, adding an extra step that might make users think twice before running potentially dangerous apps.

Tag: Malware

Popular Stories

maxresdefault

Apple Releases iOS 18.4 With Priority Notifications, Ambient Music, New Emoji and More

Monday March 31, 2025 10:03 am PDT by
Apple today released iOS 18.4 and iPadOS 18.4, the fourth major updates to the iOS 18 and iPadOS 18 operating system updates that came out last year. iOS 18.4 and iPadOS 18.4 come two months after Apple released iOS 18.3 and iPadOS 18.3. Subscribe to the MacRumors YouTube channel for more videos. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to...
iPhone 17 Pro 34ths Perspective

iPhone 17 Pro Launching Later This Year With These 10 New Features

Sunday March 23, 2025 10:00 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of March 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
iOS 19 Mock WWDC25 Feature

iOS 19 Expected to Run on These iPhones

Monday March 31, 2025 5:28 pm PDT by
iOS 19 will not be available on the iPhone XR, iPhone XS, or the iPhone XS Max, according a private account on social media site X that has accurately provided information on device compatibility in the past. The iPhone XR, iPhone XS, and iPhone XS Max all have an A12 Bionic chip, so it looks like iOS 19 will discontinue support for that chip. All other iPhones that run iOS 18 are expected...
top stories 2025 03 29

Top Stories: WWDC 2025 Announced, iPhone 17 Pro and iOS 19 Rumors, and More

Saturday March 29, 2025 6:00 am PDT by
Apple's big developer event is a little over two months away, and rumors about what we can expect to see in Apple's next major operating system updates are becoming increasingly frequent. A public release of iOS 18.4 is also imminent with a number of updates and improvements, although we won't be getting the major Apple Intelligence Siri upgrades that had reportedly been planned for this...
Magic Mouse Green

What to Expect From the Magic Mouse 3

Saturday March 29, 2025 10:15 am PDT by
Apple is reportedly working on a new Magic Mouse. Below, we recap what to expect. The two key rumors for the Magic Mouse 3 so far include a relocated charging port, along with a more ergonomic design. It was briefly rumored that the Magic Mouse 3 would also feature voice control, but that was misinterpreted information. Relocated Charging Port While the Magic Mouse switched from...
iOS 18

iOS 18.4 Expected Next Week - Here Are the Release Notes

Friday March 28, 2025 2:01 pm PDT by
With the second release candidate of iOS 18.4 that Apple seeded out today, the company finally provided us with release notes that give a full rundown on what to expect. There's an Apple Vision Pro app, new Apple Intelligence features for notifications and additional language support, plus an Apple News Food feature for Apple News+ subscribers, and several updates that should improve the...
Foldable iPhone 2023 Feature Homescreen

Six Things to Know About Apple's Upcoming Foldable iPhone

Friday March 28, 2025 3:54 pm PDT by
We've been hearing rumors about a foldable iPhone for almost a decade now, but it looks like we might finally see the device come to fruition in 2026. We're going to be waiting many more months for the foldable iPhone, but so far we're hearing good things. Apple wants to make it creaseless. It's taken Apple multiple years to design a foldable iPhone that it's satisfied with because Apple ...
AirPods Pro Firmware Feature

Apple Releases New Firmware for AirPods Pro 2 and AirPods 4

Monday March 31, 2025 11:27 am PDT by
Apple today released new firmware updates for all AirPods 4 and AirPods Pro 2 models. The new firmware is version 7E93, up from the 7B21 firmware that was installed on the AirPods Pro 2 and the 7B20 firmware available on the AirPods 4 and AirPods 4 with ANC. It is not immediately clear what new features or changes are included in the new firmware, but we'll update this article should we find ...

Top Rated Comments

roar08 Avatar
8 months ago

It might appear as CleanMyMac, Grand Theft Auto IV, or even Adobe GenP (a tool some users employ to bypass Adobe's subscription model). The malware comes packaged as a disk image (DMG) file.
In other words, it might appear as the software you're pirating.
Score: 48 Votes (Like | Disagree)
Darth Tulhu Avatar
8 months ago
Walled gardens exist FOR A REASON.
Score: 31 Votes (Like | Disagree)
sw1tcher Avatar
8 months ago

As reported by Hacker News ('https://thehackernews.com/2024/08/new-macos-malware-cthulhu-stealer.html'), Cado Security has identified a malware-as-a-service (MaaS) targeting macOS users named "Cthulhu Stealer."
My name isn't Cthulhu Stealer so I should be safe, right?
Score: 30 Votes (Like | Disagree)
WarmWinterHat Avatar
8 months ago

Walled gardens exist FOR A REASON.
They do, to make Apple money.
Score: 25 Votes (Like | Disagree)
wonderings Avatar
8 months ago
So if you don't pirate software you are good, makes sense.
Score: 20 Votes (Like | Disagree)
Darth Tulhu Avatar
8 months ago

They do, to make Apple money.
Security guards get paid, don't they?
Score: 19 Votes (Like | Disagree)