“Cthulhu Stealer” Malware Targets MetaMask And Other Crypto Wallets On Apple Mac Devices

Don’t invest unless prepared to lose all the money you invest. This is a high-risk investment, you shouldn’t expect to be protected if something goes wrong.

cthulhu stealer malware
cthulhu stealer malware

Join Our Telegram channel to stay up to date on breaking news coverage

A new strain of malware by the name of “Cthulhu Stealer” is targeting Apple Mac users and can extract personal information as well as gain access to many crypto wallets including MetaMask.

The new malware appears as an Apple Disk image and disguises itself as a legitimate application such as CleanMyMac and Adobe GenP.

Phishing Scam Targeting MetaMask Crypto Wallet Holders Nets $650,000; Default Settings Stored Seed Phrases in iCloud - CPO Magazine

Cthulhu Stealer Prompts Mac Users To Enter Their MetaMask Password

Mac users who open the malicious Apple Disk image are first prompted to enter their system’s password. Thereafter, a second prompt asks users to enter the passphrase for their MetaMask wallets. 

Cthulhu Stealer also targets other popular wallets that may be installed on the users’ device. Wallets such as those from Coinbase, Wasabi, Electrum, Binance, Atomic and Blockchain Wallet are all at risk.

Information such as the device’s IP address and operating system are also extracted by the malware once it has stored the stolen data in text files.

Similarities Between The New Malware And The Atomic Stealer Identified In 2023

Cybersecurity firm Cado Security drew comparisons between Cthulhu Stealer and a malware that was identified in 2023 called Atomic Stealer in a recent blog post. Both malwares are designed to steal crypto wallet information, browser credentials and keychain information.

“The functionality and features of Cthulhu Stealer are very similar to Atomic Stealer, indicating the developer of Cthulhu Stealer probably took Atomic Stealer and modified the code,” said a researcher from Cado Security in the blog post. Both malwares even include the same spelling mistakes in their prompts, the researcher added.

Cthulhu Stealer is being rented out on Telegram to affiliates for $500 per month. The lead developer of the malware also gets a percentage of the profits from every successful deployment.

However, scammers behind the malware seem to no longer be active due to disputes over payments that have led to accusations of an exit scam by affiliates.

Related Articles:

Newest Meme Coin ICO - Wall Street Pepe

Rating

Wall Street Pepe
  • Audited By Coinsult
  • Early Access Presale Round
  • Private Trading Alpha For $WEPE Army
  • Staking Pool - High Dynamic APY
Wall Street Pepe

Join Our Telegram channel to stay up to date on breaking news coverage

Read next

Please enter Coingecko & CoinMarketcap Api Key to get this plugin works