Cybersecurity researchers have identified a dangerous new piece of malware targeting Apple computer users. The malicious software, known as Cthulhu Stealer, disguises itself as popular applications and games to infiltrate macOS systems, stealing sensitive information such as passwords, iCloud keys, cryptocurrency wallet logins, and other private credentials.
The Cthulhu Stealer has a sophisticated strategy for tricking users. It presents itself as a DMG file, a common disk image format on macOS. This disguise makes it even more dangerous, as many users may not suspect its true nature.
When trying to install the program, the user is tricked into ignoring the “uncertified developer” warning and providing their administrator password, which grants the virus unrestricted access to the system.
One of the tricks used by the criminals behind the Cthulhu Stealer is to name the malicious file GTAIV_EarlyAccess_MACOS_Release.dmg. The reference to the popular game Grand Theft Auto IV is a lure for unsuspecting users who, on seeing the promise of early access to the game, end up downloading and running the malware.
The file name also appears to exploit a deliberate typo, suggesting a possible “early access” to the long-awaited GTA VI, which further increases the appeal for fans of the series.
History of attacks and other disguises used by the virus
This is not the first time the name Grand Theft Auto has been used to trick macOS users. In April, MacPaw's cybersecurity division, called Moonlock, identified a trojan that used the same game to infiltrate systems.
Furthermore, the Cthulhu Stealer has been masquerading as “Adobe GenP,” an illicit tool designed to activate Adobe products without the need for a paid license key. This type of approach aims to lure users looking for pirated solutions, exposing them to even greater risks.
The virus is capable of infecting devices with both Intel processors and the latest Apple Silicon chips.
According to Tara Gould, a researcher at Cado Security, the Cthulhu Stealer is distributed in an Apple disk image (DMG) that contains two binaries, one for each type of processor architecture. This flexibility allows the malware to target a wide range of devices, expanding the potential for damage.
Methods of stealing and sending data
Once installed on the system, the Cthulhu Stealer scans for sensitive information. Data that can be captured includes web browser cookies, account information from services like Telegram, and even cryptocurrency wallet access details.
After collecting this information, the virus compresses it into a ZIP file, which is then sent to a server controlled by the hackers. This server acts as an intermediary, facilitating communication between the infected computer and the criminals.
Although there is no evidence that the developers of the Cthulhu Stealer are still active, the software continues to pose a significant threat, especially if it falls into the hands of other malicious actors.
The virus is made available in a “malware-as-a-service” model, where interested parties can pay a fee to access the tool. According to the researchers, access to the Cthulhu Stealer can be contracted for up to US$ 500 per month (around R$ 2,750) through Telegram channels, highlighting the sophistication and reach of this illicit market.
Apple's security recommendations and response to the virus
Although threats to macOS are less frequent than on systems like Windows and Linux, they are becoming increasingly sophisticated.
To protect themselves, macOS users should adopt strict security practices, such as downloading software only from trusted sources, avoiding installing unverified applications, and keeping their system up to date with the latest security patches provided by Apple.
Apple, aware of the increase in these threats, has implemented significant improvements to the security of macOS. The next version of the operating system, macOS 15 Sequoia, promises to bring additional measures to protect users against malware such as Cthulhu Stealer.
Among the new features are stricter mechanisms for running unsigned or unauthenticated software, making it more difficult for viruses to disguise themselves as legitimate applications.
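The “uncertified developer” warning that the lure asks the user to click past is Gatekeeper's signature and notarization check, and it can be run by hand before an app from a downloaded DMG is ever opened or given an administrator password. The script below is an added example, not code from the article or from Cado Security; it assumes a macOS system with the stock `xattr`, `codesign` and `spctl` tools, and that the `source=` strings it matches are the ones `spctl --assess -vv` prints today.

```shell
#!/bin/sh
# Vet a downloaded macOS app bundle before launching it or typing an admin password.
# Added example, not the article's or Cado Security's code. Assumes macOS with the
# stock xattr/codesign/spctl tools and the spctl "source=" wording matched below.

# Turn the verbose report of `spctl --assess` for one bundle into a one-word verdict.
# $1: the text spctl printed (it writes the report to stderr, so capture 2>&1).
classify_spctl_output() {
  out="$1"
  case "$out" in
    *": accepted"*)
      case "$out" in
        *"source=Notarized Developer ID"*|*"source=Apple System"*|*"source=Mac App Store"*)
          echo trusted ;;
        *) echo accepted-unknown-source ;;
      esac ;;
    *"source=no usable signature"*)      echo unsigned ;;
    *"source=Unnotarized Developer ID"*) echo unnotarized ;;
    *)                                   echo rejected ;;
  esac
}

# Full check for a .app path. Exit status 0 only for a notarized, App Store or Apple bundle;
# anything else is exactly the case where the lure asks the user to override the warning.
vet_app() {
  app="$1"
  # Browsers tag downloads with the quarantine xattr; that tag is what makes Gatekeeper look.
  if xattr -p com.apple.quarantine "$app" >/dev/null 2>&1; then
    echo "quarantine: present (Gatekeeper will assess this bundle on first launch)"
  else
    echo "quarantine: absent"
  fi
  # Strict, deep verification also catches tampered or ad-hoc-signed bundles.
  if codesign --verify --deep --strict "$app" 2>/dev/null; then
    echo "codesign: valid signature"
  else
    echo "codesign: no valid signature"
  fi
  report=$(spctl --assess --type execute -vv "$app" 2>&1)
  verdict=$(classify_spctl_output "$report")
  echo "gatekeeper: $verdict"
  [ "$verdict" = trusted ]
}

# Usage: sh vet_app.sh /Volumes/SomeImage/Some.app
if [ "$#" -eq 1 ]; then
  vet_app "$1"
fi
```

A bundle that reports `unsigned` or `unnotarized` is the situation the article describes: the only way to run it is to dismiss the warning and hand over an administrator password.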