macOS Security at Risk: Cthulhu Stealer Malware Targets Apple Users
We all have this belief that Apple products provide better privacy and security than anything else on the market. They do provide enhanced security, but at the same time Apple products are also vulnerable to an extent. Recently, a report from Hacker News stated that Cado Security has identified a malware-as-a-service (MaaS) offering named Cthulhu Stealer. This malware has been available under a MaaS model for $500 a month since late 2023. It can target both x86_64 and Arm architectures. Cado Security researcher Tara Gould said of it: “Cthulhu Stealer is an Apple disk image (DMG) that is bundled with two binaries, depending on the architecture.” Gould added: “The malware is written in Golang and disguises itself as legitimate software.”
This malware impersonates CleanMyMac, Grand Theft Auto IV, and Adobe GenP. Users who launch the unsigned file after bypassing Gatekeeper protections are prompted to enter their system password. This is an osascript-based technique that has also been adopted by Atomic Stealer, Cuckoo, MacStealer, and Banshee Stealer. The malware harvests system information, including web browser cookies and Telegram account data, compresses it into a ZIP archive file, and sends it to the command-and-control (C2) server. Its functional similarity to Atomic Stealer suggests that someone may have modified that stealer's code.
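The behaviours above (a password prompt via osascript, archiving of cookie and Telegram data, and execution from a mounted DMG) can be turned into simple process-event detection rules. The following is an added example for defenders, not code from the article or from Cado Security; the event format and the sample events are constructed, and the path patterns are assumptions about where such data usually lives.

```python
"""Flag process events matching the stealer behaviours described above."""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    exe: str      # executable path of the launched process
    parent: str   # executable path of the parent process
    cmdline: str  # full command line


# Constructed events in the shape an EDR or EndpointSecurity feed might
# deliver; none of these come from a real incident.
SAMPLE_EVENTS = [
    ProcEvent(4012, "/usr/bin/osascript", "/Volumes/CleanMyMac/CleanMyMac",
              'osascript -e \'display dialog "System needs your password" '
              'default answer "" with hidden answer\''),
    ProcEvent(4013, "/usr/bin/osascript",
              "/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal",
              'osascript -e \'tell application "Finder" to activate\''),
    ProcEvent(4020, "/usr/bin/zip", "/Volumes/CleanMyMac/CleanMyMac",
              "zip -r /tmp/c.zip /Users/demo/Library/Cookies "
              "/Users/demo/Library/Group Containers/Telegram"),
    ProcEvent(4021, "/bin/ls", "/Applications/Safari.app/Contents/MacOS/Safari",
              "ls -la"),
]

# Assumed locations of browser cookie stores and Telegram data on macOS.
SENSITIVE_PATHS = re.compile(
    r"(Library/Cookies|Library/Application Support/Google/Chrome|Telegram)", re.I)


def classify(ev: ProcEvent) -> list:
    """Return the behaviour tags an event triggers (empty list if benign)."""
    tags = []
    cmd = ev.cmdline.lower()
    # A hidden-answer AppleScript dialog is how these stealers ask for the password.
    if "osascript" in cmd and "display dialog" in cmd and "hidden answer" in cmd:
        tags.append("osascript_credential_prompt")
    # Archiving browser cookie stores or Telegram data is the staging step.
    if re.search(r"\b(zip|ditto|tar)\b", cmd) and SENSITIVE_PATHS.search(ev.cmdline):
        tags.append("sensitive_data_archived")
    # A parent running from /Volumes/ was launched straight out of a mounted image.
    if ev.parent.startswith("/Volumes/"):
        tags.append("parent_runs_from_mounted_image")
    return tags


def scan(events) -> dict:
    """Map pid -> tags for every event that triggers at least one rule."""
    return {ev.pid: classify(ev) for ev in events if classify(ev)}
```

Two tags on one pid (for example the credential prompt plus a parent running from a mounted image) is a much stronger signal than either alone and is the combination worth alerting on.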
This makes it important that users not only avoid installing apps from unverified sources but also keep their systems up to date with the latest security updates.