A new information-stealing malware called Cthulhu Stealer has been discovered. It targets Apple macOS systems and harvests a wide array of data, highlighting the growing focus of threat actors on the operating system.
Cthulhu Stealer, available under a malware-as-a-service (MaaS) model for $500 per month since late 2023, can target both x86_64 and Arm architectures.
According to Tara Gould, a researcher at Cado Security, “Cthulhu Stealer is delivered as an Apple disk image (DMG) that includes two binaries based on the architecture. The malware is written in Golang and masquerades as legitimate software.”
It impersonates various software programs, including CleanMyMac, Grand Theft Auto IV, and Adobe GenP—a tool that patches Adobe apps to bypass the Creative Cloud service and activate them without a serial key.
Although threats to macOS are less common than threats to Windows and Linux, users should download software only from trusted sources, avoid installing unverified apps, and keep their systems updated with the latest security patches.