macOS Sequoia Security Update Coming Following Malware Threat
Mac users face a new threat: researchers have discovered Cthulhu Stealer, a malware family that targets macOS users, including those moving to the upcoming macOS Sequoia, by disguising itself as a popular application in order to steal sensitive data, including passwords.
Cado Security, a cybersecurity firm, identified the malware and issued a public warning, reporting that Cthulhu Stealer is sold as malware-as-a-service (MaaS) aimed at Mac users.
Malware-as-a-service is a business model in which cybercriminals sell ready-made malware, typically on dark web forums, to attackers who cannot afford to build their own or lack the skills to do so.
Cado Security researcher Tara Gould explains that the malware is written in the Go programming language (Golang) and is sold to other criminals. It disguises itself as legitimate software to trick users into installing it on their devices.
Go is an open-source programming language developed by Google, used to build web applications, cloud and networking services, and other types of software.
“Cthulhu Stealer is an Apple disk image (DMG) that is bundled with two binaries, depending on the architecture,” Cado Security researcher Tara Gould said.
“The malware is written in Golang and disguises itself as legitimate software,” Gould said.
The service offers features such as a user-friendly interface, customer support, updates, and customization options, which lower the bar for launching attacks.
A Threat Hiding Behind Trusted Apps
The researchers found that Cthulhu Stealer has impersonated popular software including CleanMyMac, Grand Theft Auto IV, and Adobe GenP, an open-source tool some Adobe customers use to bypass Creative Cloud subscriptions.
The malware spreads via Apple Disk Image (DMG) files that contain binaries built for Intel and Apple Silicon Macs, so the one matching the victim's architecture is the one that runs.
Tara Gould explains, “The primary goal of Cthulhu Stealer is to steal credentials and cryptocurrency wallets from various sources, including game accounts.”
When the user attempts to open the fake app, macOS's Gatekeeper security feature warns that the software is unsigned. If the user ignores the warning, the malware prompts for the user's system password, followed by the MetaMask cryptocurrency wallet credentials.
If the user supplies this information, Cthulhu Stealer goes on to harvest a large amount of sensitive data, including iCloud Keychain passwords, web browser cookies, and Telegram account information.
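The behaviour described above (a binary launched from a mounted disk image, a password prompt, then reads of the Keychain, browser cookie store and Telegram data) is a chain a defender can correlate in endpoint telemetry. The script below is an added example, not code from Cado Security or this article: it runs a toy detection over a few constructed process and file-open events. The on-disk locations of the credential stores are standard macOS paths assumed here, the event line format is invented for the example, and modelling the password prompt as an osascript child process is an assumption about how such stealers typically raise the dialog rather than something the article states.

```python
"""Toy detection for a Cthulhu Stealer-style chain: a binary executed from a mounted
disk image (/Volumes/...) whose process tree later reads credential stores.
Added example with constructed telemetry; not code from Cado Security or the article."""
import re
from collections import defaultdict

# Credential stores the article says the stealer targets. The paths are the usual
# macOS locations (assumed for this example, not taken from the article).
SENSITIVE_PATHS = {
    "keychain": re.compile(r"/Library/Keychains/login\.keychain-db$"),
    "browser_cookies": re.compile(r"/Library/Application Support/Google/Chrome/[^/]+/Cookies$"),
    "telegram": re.compile(r"/Library/Application Support/Telegram Desktop/tdata/"),
}

# Invented one-line-per-event format: "<ts> <exec|open> pid=<n> [ppid=<n>] path=<path>".
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>exec|open) pid=(?P<pid>\d+)(?: ppid=(?P<ppid>\d+))? path=(?P<path>.+)$"
)

# Constructed sample: pid 501 is a fake CleanMyMac run from a DMG; pid 600 is the real
# browser touching its own cookie file and must not be flagged.
SAMPLE_EVENTS = """\
2024-08-22T10:01:02Z exec pid=501 ppid=1 path=/Volumes/CleanMyMac/CleanMyMac.app/Contents/MacOS/CleanMyMac
2024-08-22T10:01:05Z exec pid=502 ppid=501 path=/usr/bin/osascript
2024-08-22T10:01:40Z open pid=501 path=/Users/alice/Library/Keychains/login.keychain-db
2024-08-22T10:01:41Z open pid=501 path=/Users/alice/Library/Application Support/Google/Chrome/Default/Cookies
2024-08-22T10:01:42Z open pid=501 path=/Users/alice/Library/Application Support/Telegram Desktop/tdata/key_datas
2024-08-22T10:05:00Z exec pid=600 ppid=1 path=/Applications/Google Chrome.app/Contents/MacOS/Google Chrome
2024-08-22T10:05:01Z open pid=600 path=/Users/alice/Library/Application Support/Google/Chrome/Default/Cookies
"""


def parse_events(text):
    """Parse event lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            d = m.groupdict()
            d["pid"] = int(d["pid"])
            d["ppid"] = int(d["ppid"]) if d["ppid"] else None
            events.append(d)
    return events


def detect_dmg_stealer(events):
    """Return one alert per process tree rooted in a binary executed from /Volumes/.

    A tree is alerted on only if it reads at least one credential store; the
    'password_prompt' flag records whether it also spawned osascript. PID reuse
    across a long capture is ignored here for simplicity.
    """
    root_of = {}             # pid -> root pid of a suspicious process tree
    image_of = {}            # root pid -> executable path on the mounted image
    hits = defaultdict(set)  # root pid -> names of credential stores touched
    prompted = set()         # roots whose tree launched osascript
    for ev in events:
        pid, path = ev["pid"], ev["path"]
        if ev["kind"] == "exec":
            if path.startswith("/Volumes/"):
                root_of[pid] = pid
                image_of[pid] = path
            elif ev["ppid"] in root_of:
                root = root_of[ev["ppid"]]
                root_of[pid] = root
                if path.endswith("/osascript"):
                    prompted.add(root)
        elif ev["kind"] == "open" and pid in root_of:
            for name, pattern in SENSITIVE_PATHS.items():
                if pattern.search(path):
                    hits[root_of[pid]].add(name)
    return [
        {
            "pid": root,
            "image": image_of[root],
            "stores": sorted(stores),
            "password_prompt": root in prompted,
        }
        for root, stores in sorted(hits.items())
    ]


if __name__ == "__main__":
    for alert in detect_dmg_stealer(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

On the sample above the logic raises a single alert for pid 501 listing all three stores with the prompt flag set, and stays silent for the browser reading its own cookies, which is the distinction that matters: the signal is not "something read the cookie database" but "a process tree that started on a freshly mounted image did".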
Apple’s Response
To combat such malware, Apple is tightening Gatekeeper in macOS Sequoia, set for release in mid-September. The update makes Gatekeeper harder to bypass: instead of a single click-through, users must go into System Settings to approve software that is unsigned or not notarized.
“In macOS Sequoia, users will no longer be able to Control-click to override Gatekeeper when opening software that isn’t signed correctly or notarized,” Apple said, “they’ll need to visit System Settings > Privacy & Security to review security information for software before allowing it to run.”
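Whatever version of macOS is in use, the Gatekeeper verdict can be checked from the command line before anything is double-clicked. The function below is an added example, not from the article or Apple; it wraps the standard macOS tools xattr, codesign and spctl, prints what each reports for an app bundle, and returns 0 only when Gatekeeper would accept it. On a machine without spctl (a Linux host, for instance) it reports "unavailable" instead of assessing anything.

```sh
#!/bin/sh
# Inspect a downloaded app bundle before letting it past Gatekeeper.
# Added example (not from the article or Apple); uses standard macOS tools only.
# Usage: gatekeeper_assess /Volumes/SomeImage/Some.app

gatekeeper_assess() {
  app="$1"
  if [ ! -e "$app" ]; then
    echo "missing"
    return 2
  fi
  if ! command -v spctl >/dev/null 2>&1; then
    echo "unavailable"        # not macOS: there is no Gatekeeper to consult
    return 3
  fi

  # The quarantine attribute is set by the browser on download; Gatekeeper only
  # evaluates files that carry it, so its absence means no warning would appear at all.
  if xattr -p com.apple.quarantine "$app" >/dev/null 2>&1; then
    echo "quarantine: present"
  else
    echo "quarantine: absent"
  fi

  # Signing identity, or "signature: none" when codesign reports an unsigned object.
  codesign -dv --verbose=4 "$app" 2>&1 \
    | grep -E '^(Identifier|TeamIdentifier|Authority)=' || echo "signature: none"

  # Gatekeeper's own verdict; "accepted" with "source=Notarized Developer ID" is the
  # state a legitimately distributed app should be in. spctl exits non-zero on rejection.
  verdict=$(spctl --assess --type execute -vv "$app" 2>&1 || true)
  echo "$verdict"
  case "$verdict" in
    *accepted*) echo "accepted"; return 0 ;;
    *)          echo "rejected"; return 1 ;;
  esac
}
```

A bundle that comes back "rejected" with "source=no usable signature" is exactly the case the article describes, and the right response is to delete it rather than approve it in System Settings.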