Skip to main content
  1. Home
  2. Computing
  3. News

A new malware threat to macOS adds to the data-stealing surge

By
Mac password prompt.
Cado Security

If you still think Macs are inherently safe from malware, think again.

Mac users have another threat to worry about. Cthulhu Stealer, a new Mac malware threat, tries to steal sensitive data such as passwords and cryptocurrency wallets, Cado Security reports in a blog post. The malware threat disguises itself as authentic software to gather login credentials.

Recommended Videos

Cado Security describes how the malware functions: “Cthulhu Stealer is an Apple disk image (.dmg) that is bundled with two binaries, depending on the architecture. The malware is written in Golang and disguises itself as legitimate software. Once the user mounts the .dmg, the user is prompted to open the software. After opening the file, osascript, the macOS command-line tool for running AppleScript and JavaScript, is used to prompt the user for their password. ”

After this, users will see a second prompt to enter their MetaMask password. Cuckoo, Atomic Stealer, and Banshee Stealer also use this technique. However, the latest malware threat aims to gather system data and get rid of users’ iCloud Keychain passwords via a software named Chainbreaker.

Users must be cautious, as the new malware can masquerade as software apps such as AdobeGenP, CleanMyMac, and Grand Theft Auto IV by leveraging Apple disk images (DMG). You can use the AdobeGenP app without entering a serial key or paying for a Creative Cloud subscription.

Cthulhu Stealer takes data, including Telegram account information and web browser cookies, puts it into a ZIP archive file, and sends it to a command-and-control (C2) server — in other words, to the attackers. It also shares similarities with Atomic Stealer, having the same spelling mistakes and other functions and features, which indicates the developer used the same code and made some modifications.

Users can take precautions to stay safe, such as only downloading software from trustworthy sources and keeping their Macs running on the latest version. Downloading some legitimate Mac antivirius software isn’t a bad idea, either.

Apple is aware of the rise in Mac malware and has made essential security changes, saying, “In macOS Sequoia, users will no longer be able to Control-click to override Gatekeeper when opening software that isn’t signed correctly or notarized.” You’ll need to go to System Settings > Privacy & Security to analyze the security information for the software before you use it.

Editors’ Recommendations

Topics
Judy Sanhz
Judy Sanhz
Computing Writer
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
I found an app that fixes macOS Sequoia’s annoying pop-ups
macOS Sequoia being introduced by Apple's Craig Federighi at the Worldwide Developers Conference (WWDC) 2024.

Years ago, back when I used Windows Vista, I got so annoyed by the constant User Account Control (UAC) pop-ups asking for permission seemingly every time I did anything that I downloaded an app that could silence them for good. Perhaps not the most sensible thing to do from a security perspective -- OK, definitely not the most sensible thing to do -- but I was a desperate man. These days, I’m getting similar vibes from macOS Sequoia.

That’s because Apple’s latest operating system will nag you about permissions on a monthly basis for anything that records your screen. Granted, it’s not as frequent as what I’d get in Windows Vista -- and these prompts were actually weekly in the macOS Sequoia beta, which caused such a blowback from users that Apple changed the frequency -- but it still feels like it’s going to be a real pain for me and a lot of users. Sure, macOS Sequoia hasn’t actually been out long enough for me to be bugged by these alerts every month yet, but I don’t want to hang around until I start pulling my hair out. I need to take action now.

Read more
Two of the best Apple Intelligence features on Mac still need work
Apple Intelligence in macOS Sequoia being used to summarize a selection of text.

Recently, Apple launched the macOS Sequoia 15.1 beta, and with it came a bunch of new Apple Intelligence features. Not everything, mind you – many of the flagship tools, like the Image Playground and Siri’s more powerful capabilities, might not debut until next year. But there’s enough Apple Intelligence here to get a feel for the new system.

Ever since the beta came out, there have been two areas of Apple Intelligence I’ve wanted to focus my attention on: Mail summaries and Apple’s suite of Writing Tools. These are some of the most fleshed-out Apple Intelligence elements that exist in macOS Sequoia right now, and also potentially two of the most useful, so it made sense to channel my efforts toward them.

Read more
macOS Sequoia fixes a problem that’s bugged me for years
The iPhone Mirroring feature from macOS Sequoia being demonstrated at the Worldwide Developers Conference (WWDC) 2024.

Sometimes, people think it’s the big, headline features -- like Apple Intelligence -- that make an operating system great. But there’s one new feature in macOS Sequoia that shows the opposite is true -- that a collection of less glamorous, yet meaningful changes can have a much bigger impact.

I’m talking about Apple’s new iPhone Mirroring feature. Or rather, one particular element of iPhone Mirroring: its new drag-and-drop ability. Even in the few short days it’s been available, it’s managed to improve my daily workflow and fix an issue that’s been bugging me for years.

Read more