Fake macOS Apps Infect Devices, Steal Sensitive Data in the Latest Malware Attack

The latest cyber-attack uncovered by security researchers is an information stealer that targets Apple macOS hosts and gathers a wide array of information to reach sensitive computer data. It underscores how threat actors are increasingly targeting the OS as a target.

As of late 2023, malware dubbed Cthulhu Stealer was available as a malware-as-a-service (MaaS) product and was priced at $500 per month as part of a subscription-based price structure. 

As far as the architecture is concerned, it can support both x86_64 and Arm platforms.

Several cybersecurity researchers have discovered a new form of macOS malware that can steal user’s sensitive data in the most insidious ways. A malware called Cthulhu Stealer has been spotted that impersonates popular applications to infect users with Trojan malware that allows the malware to steal passwords for users’ operating systems and the iCloud keychain, as well as cryptocurrency wallets. 

A $500/month service offering for bad actors has reportedly been available since late 2023, as part of the Cthulhu Stealer program. It is particularly effective because it can masquerade as legitimate software and thus make itself appear more appealing.

A Cado Security researcher has pointed out that Cthulhu Stealer is an Apple disk image (DMG) that carries two binaries, depending on the architecture of the machine, according to Gould. 

Using G

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.