As a Mac user, you might feel secure, believing that Apple’s operating system is invulnerable to malware. But times are changing, and so are the tactics of cybercriminals. There’s a dangerous new malware on the loose, and it’s coming after your crypto wallets. Dubbed “Cthulhu Stealer,” this malicious software is a serious threat that could drain your crypto holdings before you even realize what’s happening.
For years, macOS was perceived as nearly impenetrable—immune to the viruses and malware that plague other systems. Unfortunately, those days are fading into memory. As crypto adoption grows, so does the sophistication of attacks targeting users like you. Cybersecurity firm Cado Security issued a stark warning on August 22: macOS malware is on the rise, and the newest player in this game is the Cthulhu Stealer, a sneaky and sinister tool designed to steal your personal information and empty your crypto wallets.
So, how does this malicious software work? It disguises itself as common, everyday software, like CleanMyMac or Adobe GenP. Once you download and open the file, it prompts you for your Mac password, a seemingly harmless request. But this is where the danger begins. Enter your password, and the malware springs into action, going after the password to your MetaMask wallet—a popular Ethereum wallet. And MetaMask isn’t the only target. Cthulhu Stealer also has its sights on wallets from Coinbase, Wasabi, Electrum, Atomic, Binance, and Blockchain Wallet.
Think about it: all your hard-earned crypto could vanish in seconds because of one wrong click. It’s terrifying, right? What’s even worse is that the malware collects your system’s information, like your IP address and operating system details, which can be used to further target or exploit you.
But there’s more to the story. Cthulhu Stealer shares an eerie similarity with another Mac malware called Atomic Stealer, which surfaced in 2023. Experts believe the creator of Cthulhu likely borrowed or modified the code from Atomic Stealer, meaning these attacks are becoming more refined and harder to detect.
The cybercriminals behind Cthulhu aren’t even lone wolves—they’ve been renting out the malware to others for $500 per month via Telegram, offering a way for affiliates to cash in on these malicious schemes. These shadowy networks are evolving rapidly, driven by the lure of crypto riches. Luckily, recent disputes among the scammers have reportedly caused some to exit the game, but that doesn’t mean the threat is over.
So what can you do? Awareness is the first step. Apple itself is beginning to take this threat seriously. As part of its efforts, Apple has recently enhanced its macOS system to make it more challenging to bypass the protective Gatekeeper feature. While this is a step in the right direction, the best defense is to remain cautious. Always double-check software downloads, even if they seem legitimate, and never let your guard down when it comes to protecting your crypto assets.
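One concrete way to "double-check" a download before opening it is to ask Gatekeeper itself whether it would accept the app and to look at who signed it. The script below is an added example, not code from Cado Security or from this article; it assumes a Mac with the standard `spctl` and `codesign` tools, and the Downloads path in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example: vet a downloaded .app bundle with Gatekeeper and show its
# signer before launching it. Assumes macOS with spctl(8) and codesign(1).

# classify_spctl: reduce the text spctl prints to a one-word verdict.
# spctl --assess prints "<path>: accepted" (exit 0) or "<path>: rejected"
# (non-zero exit), usually followed by a "source=..." line with the reason.
classify_spctl() {
    case "$1" in
        *": accepted"*) echo accepted ;;
        *": rejected"*) echo rejected ;;
        *)              echo unknown ;;
    esac
}

# check_download: return success only if Gatekeeper would let the app run.
# A lookalike "CleanMyMac" or "Adobe GenP" that is unsigned, ad-hoc signed,
# or signed by an unfamiliar Team ID is reported here instead of being opened.
check_download() {
    app="$1"
    [ -d "$app" ] || { echo "not an app bundle: $app" >&2; return 2; }

    out=$(spctl --assess --type execute --verbose=4 "$app" 2>&1)
    verdict=$(classify_spctl "$out")
    echo "Gatekeeper verdict: $verdict"
    echo "$out"

    # codesign writes its details to stderr; keep only the signing chain
    # and Team ID so a fake developer identity stands out.
    codesign -dv --verbose=2 "$app" 2>&1 \
        | grep -E '^(Authority|TeamIdentifier)=' \
        || echo "no valid code signature found"

    [ "$verdict" = accepted ]
}

# Usage (placeholder path):
#   check_download "$HOME/Downloads/CleanMyMac.app" \
#       && open "$HOME/Downloads/CleanMyMac.app"
```

If the verdict is anything other than `accepted`, or the Team ID does not belong to the vendor you expected, do not enter your password when the app asks for it; that prompt is the moment the stealer described above does its work.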