New macOS malware poses as legitimate apps to steal passwords and personal data — how to stay safe


While Apple's Macs aren't targeted by hackers as much as Windows PCs, they aren't impenetrable. Security researchers recently uncovered malware dubbed "Cthulhu Stealer" that impersonates popular apps to harvest passwords and steal data from macOS users. 

As first reported by The Hacker News, Cado Security pushed out a public warning this week about Cthulhu Stealer, a malware-as-a-service targeting macOS users launched in late 2023 that sells for $500 a month. "The malware is written in Golang and disguises itself as legitimate software," said Cado Security researcher Tara Gould. 

To trick users into installing it, the malware has posed as software such as CleanMyMac, Grand Theft Auto IV, or Adobe GenP, an open-source tool some Adobe users employ to get around having a Creative Cloud subscription. It is delivered as a disk image (DMG) file that contains a pair of binaries, one for Intel Macs and one for Apple Silicon Macs, and runs whichever matches the architecture it detects. 
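A first triage step for a disk image like this is to check which architecture each bundled binary targets. The following Mach-O header parser is an added example, not code from Cado Security's report or from Tom's Guide; it uses the magic numbers and CPU-type constants from Apple's public `<mach-o/loader.h>` and `<mach-o/fat.h>` headers and runs over constructed header bytes rather than real samples.

```python
import struct

# Mach-O and fat ("universal") header constants from <mach-o/loader.h> and <mach-o/fat.h>.
MH_MAGIC = 0xFEEDFACE      # 32-bit Mach-O, little-endian on disk
MH_MAGIC_64 = 0xFEEDFACF   # 64-bit Mach-O, little-endian on disk
FAT_MAGIC = 0xCAFEBABE     # fat header, always big-endian on disk

CPU_TYPE_X86_64 = 0x01000007
CPU_TYPE_ARM64 = 0x0100000C
CPU_NAMES = {
    CPU_TYPE_X86_64: "x86_64 (Intel)",
    CPU_TYPE_ARM64: "arm64 (Apple Silicon)",
}

FAT_ARCH_SIZE = 20  # fat_arch: cputype, cpusubtype, offset, size, align (five uint32 fields)


def macho_architectures(data: bytes) -> list:
    """Return the CPU architectures a Mach-O file targets.

    Handles thin 32/64-bit images and fat binaries that bundle several
    slices. Returns an empty list for anything that is not Mach-O.
    """
    if len(data) < 8:
        return []
    # The fat header is big-endian regardless of host, so test for it first.
    magic_be, = struct.unpack(">I", data[:4])
    if magic_be == FAT_MAGIC:
        nfat_arch, = struct.unpack(">I", data[4:8])
        # 0xCAFEBABE is also the Java class-file magic; a real fat header has a small slice count.
        if nfat_arch == 0 or nfat_arch > 32:
            return []
        archs = []
        for i in range(nfat_arch):
            off = 8 + i * FAT_ARCH_SIZE
            if off + FAT_ARCH_SIZE > len(data):
                break  # truncated table: report what is there
            cputype = struct.unpack(">IIIII", data[off:off + FAT_ARCH_SIZE])[0]
            archs.append(CPU_NAMES.get(cputype, f"unknown cputype 0x{cputype:08x}"))
        return archs
    # Thin images store the header in the target's byte order, little-endian for both Intel and arm64.
    magic_le, = struct.unpack("<I", data[:4])
    if magic_le in (MH_MAGIC, MH_MAGIC_64):
        cputype, = struct.unpack("<I", data[4:8])
        return [CPU_NAMES.get(cputype, f"unknown cputype 0x{cputype:08x}")]
    return []


def triage_payloads(files: dict) -> dict:
    """Map each file found in a mounted image to the architectures it targets."""
    return {name: macho_architectures(blob) for name, blob in files.items()}


def thin_header(cputype: int) -> bytes:
    """Constructed 64-bit Mach-O header: magic, cputype, then six zeroed header fields."""
    return struct.pack("<8I", MH_MAGIC_64, cputype, 0, 0, 0, 0, 0, 0)


# Constructed sample image: one Intel and one Apple Silicon binary (the layout the article
# describes), plus a fat binary and a non-Mach-O file so every code path is exercised.
# These are synthetic headers, not Cthulhu Stealer samples.
SAMPLE_IMAGE = {
    "payload_x86_64": thin_header(CPU_TYPE_X86_64),
    "payload_arm64": thin_header(CPU_TYPE_ARM64),
    "payload_universal": struct.pack(">II", FAT_MAGIC, 2)
    + struct.pack(">IIIII", CPU_TYPE_X86_64, 3, 4096, 1000, 12)
    + struct.pack(">IIIII", CPU_TYPE_ARM64, 0, 8192, 1000, 14),
    "README.txt": b"not a Mach-O file",
}

if __name__ == "__main__":
    for name, archs in triage_payloads(SAMPLE_IMAGE).items():
        print(f"{name}: {', '.join(archs) or 'not Mach-O'}")
```

Pointing `triage_payloads` at the files of a mounted DMG shows at a glance whether a "single" app ships separate Intel and Apple Silicon payloads, which is what the two-binary layout above looks like on disk.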

When a user tries to open the fake app, macOS's built-in security feature, Gatekeeper, warns that the software is unsigned. If the user opts to bypass Gatekeeper protections and let it run anyway, they're given an otherwise legitimate-looking prompt to enter their system password, followed by a second prompt for the MetaMask cryptocurrency wallet. Once it has the necessary permissions, Cthulhu Stealer can siphon a wide range of sensitive data, including saved passwords from iCloud Keychain, web browser cookies and Telegram account information. 

"The main functionality of Cthulhu Stealer is to steal credentials and cryptocurrency wallets from various stores, including game accounts," Gould explained. 

The password prompt is an osascript-based technique seen before in infostealers such as Atomic Stealer, Cuckoo, MacStealer, and Banshee Stealer. Even if Cthulhu Stealer isn't the most sophisticated malware out there, it still poses a serious threat to Mac users who stumble into this trap. 
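The fake system-password and wallet prompts described above are produced by driving `osascript` with an AppleScript `display dialog ... with hidden answer`, the clause that masks the text field so the request looks like a genuine password dialog. The detection logic below is an added example, not part of the article or of Cado Security's analysis; it assumes a hypothetical process-execution log format, a constructed allowlist of processes that legitimately launch `osascript`, and runs over constructed sample lines.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Hypothetical process-execution log format, constructed for this example:
#   <timestamp> pid=<n> ppid=<n> parent=<process name> user=<name> cmd=<command line>
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) ppid=(?P<ppid>\d+) parent=(?P<parent>\S+) "
    r"user=(?P<user>\S+) cmd=(?P<cmd>.*)$"
)

# AppleScript clause that masks typed input in a `display dialog` text field.
HIDDEN_ANSWER_RE = re.compile(r"display dialog\b.*\bwith hidden answer", re.IGNORECASE | re.DOTALL)
# Wording a stealer uses to make the prompt look like a system or wallet dialog.
CREDENTIAL_WORDS_RE = re.compile(r"password|passphrase|keychain|wallet|metamask", re.IGNORECASE)
# Processes that legitimately drive osascript from a shell (assumed allowlist; tune per fleet).
SCRIPTING_HOSTS = {"Terminal", "iTerm2", "Script Editor", "osascript"}


@dataclass
class Finding:
    pid: int
    parent: str
    user: str
    score: int
    reasons: List[str] = field(default_factory=list)


def parse_event(line: str) -> Optional[dict]:
    m = EVENT_RE.match(line.strip())
    return m.groupdict() if m else None


def analyse_event(ev: dict) -> Optional[Finding]:
    """Score one osascript execution; None when it is not a masked-input dialog."""
    cmd = ev["cmd"]
    if not re.search(r"(^|/|\s)osascript\b", cmd):
        return None
    reasons, score = [], 0
    if HIDDEN_ANSWER_RE.search(cmd):
        score += 5
        reasons.append("osascript dialog with a masked (hidden answer) input field")
        if CREDENTIAL_WORDS_RE.search(cmd):
            score += 3
            reasons.append("dialog text references credentials or a crypto wallet")
        if ev["parent"] not in SCRIPTING_HOSTS:
            score += 2
            reasons.append(f"spawned by {ev['parent']!r} rather than a scripting host")
    if score == 0:
        return None
    return Finding(int(ev["pid"]), ev["parent"], ev["user"], score, reasons)


def detect_credential_prompts(lines, threshold: int = 5) -> List[Finding]:
    """Run the rule over log lines and keep findings at or above the threshold."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        f = analyse_event(ev)
        if f is not None and f.score >= threshold:
            findings.append(f)
    return findings


# Constructed sample log. The dialog strings are made up for illustration.
SAMPLE_LOG = [
    # Benign: a user's own automation posting a notification from Terminal.
    "2024-08-23T10:11:02Z pid=4101 ppid=880 parent=Terminal user=alice "
    "cmd=osascript -e 'display notification \"Backup finished\" with title \"rsync\"'",
    # Suspicious: an app launched from a DMG asks for the login password via a masked dialog.
    "2024-08-23T10:14:37Z pid=4312 ppid=4290 parent=CleanMyMac user=alice "
    "cmd=osascript -e 'display dialog \"macOS needs your password to continue\" "
    "default answer \"\" with hidden answer with icon caution'",
    # Suspicious: the follow-up prompt for a wallet password.
    "2024-08-23T10:14:41Z pid=4315 ppid=4290 parent=CleanMyMac user=alice "
    "cmd=osascript -e 'display dialog \"Enter your MetaMask password\" "
    "default answer \"\" with hidden answer'",
    # Unrelated process, ignored by the rule.
    "2024-08-23T10:15:00Z pid=4320 ppid=1 parent=launchd user=alice cmd=/usr/bin/curl https://example.invalid",
]

if __name__ == "__main__":
    for f in detect_credential_prompts(SAMPLE_LOG):
        print(f"pid {f.pid} ({f.parent}, user {f.user}) score={f.score}: {'; '.join(f.reasons)}")
```

The scoring is deliberately layered: a masked dialog alone is worth investigating, but the same prompt spawned by a freshly downloaded app and mentioning a password or wallet is the pattern shared by the stealer families named above, so it scores highest.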

How to stay safe from Mac malware

So what can you do to keep your Mac protected from malware like Cthulhu Stealer? First and foremost, be vigilant about the apps you download and do your due diligence to make sure whoever you're downloading from is who they say they are. While your Mac comes with built-in antivirus software in the form of XProtect, consider using it in tandem with one of the best Mac antivirus software solutions. Paid antivirus software is updated more regularly and will often throw in a VPN or password manager to help you stay safe online.

Apple is also working on making it harder to bypass Gatekeeper protections with macOS Sequoia, which is expected to roll out in mid-September. Rather than being able to override Gatekeeper warnings by Control-clicking, users will instead have to go through System Settings to allow unsigned software to run. Hopefully, the annoyance of going through an extra step will be enough of a deterrent to make users think twice before running potentially dangerous apps.


Alyse Stanley
News Editor

Alyse Stanley is a news editor at Tom’s Guide overseeing weekend coverage and writing about the latest in tech, gaming and entertainment. Prior to joining Tom’s Guide, Alyse worked as an editor for the Washington Post’s sunsetted video game section, Launcher. She previously led Gizmodo’s weekend news desk, where she covered breaking tech news — everything from the latest spec rumors and gadget launches to social media policy and cybersecurity threats.  She has also written game reviews and features as a freelance reporter for outlets like Polygon, Unwinnable, and Rock, Paper, Shotgun. She’s a big fan of horror movies, cartoons, and miniature painting.