Apple Mac users, be careful!
We know that malware is less common on macOS than on Windows. However, you must be aware that there is malicious software that disguises itself as legitimate software to steal your keychain passwords, web browsing information, crypto wallets and a lot more.
"Cthulhu Stealer might appear as Adobe GenP, CleanMyMac, Grand Theft Auto IV,… The malware comes packaged as a disk image (DMG) file," reported Cato Security researcher Tara Gould.
How does it operate?
When the user tries to open the fake app, Gatekeeper, macOS's built-in security feature, warns that the software is unsigned. However, if the user chooses to bypass this warning, the malware immediately asks for the user's system password, mimicking a legitimate system prompt.
Then, once it has obtained all the necessary permissions, Cthulhu Stealer gets access and steals your data. The stolen information is stored in text files, and the malware also gathers additional system details such as the IP address.
For crypto users, it specifically targets MetaMask digital wallet information, along with other crypto wallets like Coinbase and Binance.
But wait, there is even more!
The malware was available for rent on the dark web and even on Telegram for $500 per month, which makes it even more dangerous because multiple bad actors could use it.
Does Apple plan to do something about it?
Apple plans to remove the ability to easily override Gatekeeper warnings by Control-clicking. However, this change is planned for the latest version of macOS, macOS Sequoia, expected to be released in September.
What can users do?
Users are advised to only download applications from reliable sources such as the Mac App Store or legitimate publisher websites. Also, be extremely careful about where you share your wallet credentials.