New Cthulhu Stealer Malware Targets macOS

SC Media reports that the new Cthulhu Stealer malware-as-a-service is being distributed as spoofed copies of several legitimate software products, including Adobe GenP, CleanMyMac, and the upcoming Grand Theft Auto VI video game, in order to exfiltrate data from 24 different sources on macOS.

According to an analysis from Cado Security, Cthulhu Stealer attacks present a pair of prompts requesting the user's password and MetaMask credentials, then extract Keychain contents with the Chainbreaker tool, retrieve IP information, fingerprint system data, and monitor credentials and cryptocurrency wallets.

Although Cthulhu uses the osascript command-line tool for its password prompt in the same way as Atomic Stealer, and its code contains the same spelling errors, the researchers said it lacks a control panel for threat actors and is offered at half Atomic's price.
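As an added detection example (not code from the SC Media or Cado Security reports): a Python scan over constructed process-execution records that flags osascript invocations showing a masked-input dialog, the prompt style the article attributes to the stealer. The log line format and the exact AppleScript wording are assumptions, not observed Cthulhu samples.

```python
import re
import shlex
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of process-execution records, not real Cthulhu telemetry.
# "display dialog ... with hidden answer" is the standard AppleScript idiom for a
# masked input box; whether the stealer's prompt is worded exactly like this is
# an assumption.
SAMPLE_LOG = """\
2024-08-23T10:01:02Z pid=4021 ppid=4010 user=alice cmd=/usr/bin/osascript -e 'display dialog "System needs to update. Enter your password." default answer "" with hidden answer with icon caution'
2024-08-23T10:01:05Z pid=4022 ppid=1 user=alice cmd=/usr/bin/osascript -e 'display notification "Backup complete" with title "Time Machine"'
2024-08-23T10:01:07Z pid=4023 ppid=4010 user=alice cmd=/usr/bin/osascript -e 'display dialog "Enter your MetaMask password" default answer "" with hidden answer'
2024-08-23T10:01:09Z pid=4024 ppid=300 user=alice cmd=/usr/bin/python3 -c print(1)
"""

PASSWORD_PROMPT = re.compile(r"display dialog.*?\bwith hidden answer\b", re.S)
LINE_RE = re.compile(r"^(?P<ts>\S+) pid=(?P<pid>\d+) ppid=(?P<ppid>\d+) user=(?P<user>\S+) cmd=(?P<cmd>.*)$")

@dataclass
class Hit:
    ts: str
    pid: int
    ppid: int
    user: str
    prompt_text: str

def prompt_text(cmd: str) -> Optional[str]:
    """Return the dialog message if cmd is an osascript masked-input prompt, else None."""
    try:
        argv = shlex.split(cmd)
    except ValueError:          # unbalanced quoting: not parseable, so not flagged
        return None
    if not argv or not argv[0].endswith("osascript"):
        return None
    script = " ".join(argv[1:])  # joins one or more -e fragments into one script
    if not PASSWORD_PROMPT.search(script):
        return None
    m = re.search(r'display dialog\s+"((?:[^"\\]|\\.)*)"', script)
    return m.group(1) if m else ""

def find_password_prompts(log: str) -> List[Hit]:
    """Parse each record and keep those whose command is a masked-input osascript dialog."""
    hits = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        text = prompt_text(m["cmd"])
        if text is not None:
            hits.append(Hit(m["ts"], int(m["pid"]), int(m["ppid"]), m["user"], text))
    return hits

if __name__ == "__main__":
    for h in find_password_prompts(SAMPLE_LOG):
        print(f"{h.ts} user={h.user} pid={h.pid} ppid={h.ppid}: {h.prompt_text!r}")
```

The parent process (ppid) is worth correlating in a real deployment: a masked-input dialog spawned by an ad-hoc installer rather than a signed application is the suspicious pattern, not osascript itself.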

The report also noted that Cthulhu's developer, Balaclavv, had been banned from a hacking forum over allegations of stealing from the operation's own affiliates.