{"id":569019,"date":"2024-08-26T08:15:55","date_gmt":"2024-08-26T08:15:55","guid":{"rendered":"https:\/\/insidebitcoins.com\/?p=569019"},"modified":"2024-08-26T06:47:47","modified_gmt":"2024-08-26T06:47:47","slug":"cthulhu-stealer-malware-targets-metamask-and-other-crypto-wallets-on-apple-mac-devices","status":"publish","type":"post","link":"https:\/\/insidebitcoins.com\/news\/cthulhu-stealer-malware-targets-metamask-and-other-crypto-wallets-on-apple-mac-devices","title":{"rendered":"\u201cCthulhu Stealer\u201d Malware Targets MetaMask And Other Crypto Wallets On Apple Mac Devices"},"content":{"rendered":"

A new strain of malware called “Cthulhu Stealer” is targeting Apple Mac users and can extract personal information as well as gain access to many crypto wallets, including MetaMask.

The new malware appears as an Apple disk image and disguises itself as a legitimate application such as CleanMyMac and Adobe GenP.

Cthulhu Stealer Prompts Mac Users To Enter Their MetaMask Password

Mac users who open the malicious Apple disk image are first prompted to enter their system’s password. Thereafter, a second prompt asks users to enter the passphrase for their MetaMask wallets.

Cthulhu Stealer also targets other popular wallets that may be installed on the user’s device. Wallets such as those from Coinbase, Wasabi, Electrum, Binance, Atomic and Blockchain Wallet are all at risk.

Once it has stored the stolen data in text files, the malware also extracts information such as the device’s IP address and operating system.

Similarities Between The New Malware And The Atomic Stealer Identified In 2023

In a recent blog post, cybersecurity firm Cado Security drew comparisons between Cthulhu Stealer and Atomic Stealer, a malware strain that was identified in 2023. Both strains are designed to steal crypto wallet information, browser credentials and keychain information.

“The functionality and features of Cthulhu Stealer are very similar to Atomic Stealer, indicating the developer of Cthulhu Stealer probably took Atomic Stealer and modified the code,” said a researcher from Cado Security in the blog post. Both strains even include the same spelling mistakes in their prompts, the researcher added.

Recently, Cado Security has identified a malware-as-a-service (MaaS) targeting macOS users named “Cthulhu Stealer”. This blog will explore the functionality of this malware and provide insight into how its operators carry out their activities: https://t.co/nJCt6RnUfG

— Cado (@CadoSecurity) August 22, 2024