A new strain of malware named “Cthulhu Stealer” is posing a significant threat to Apple Mac users, particularly those using popular cryptocurrency wallets. This malware targets widely used wallets such as MetaMask, Coinbase, Wasabi, Electrum, Atomic, Binance, and Blockchain Wallet on macOS.
According to cybersecurity firm Cado Security, the malware exploits a common misconception that macOS systems are largely immune to malware threats. As reported on August 22, Cthulhu Stealer operates by leveraging a macOS command-line tool to prompt users for their passwords. After obtaining the system password, the malware requests the passwords for the victim's cryptocurrency wallets, leading to the theft of sensitive information.
Cthulhu Stealer collects stolen data in text files and proceeds to gather additional information about the victim’s system, including IP address and operating system version. The primary function of this malware is to extract credentials and cryptocurrency wallet data, including information related to game accounts, as explained by Cado researcher Tara Gould.
The malware bears similarities to Atomic Stealer, which was identified in 2023 targeting Apple computers. This suggests that Cthulhu Stealer’s developer likely adapted the code from Atomic Stealer. The malware was reportedly rented out to affiliates for a subscription fee via the Telegram messaging platform, with the main developer sharing profits from successful deployments. However, recent disputes over payments have led to accusations of an exit scam by these affiliates, leaving the malware’s operators inactive.
On August 23, Cointelegraph reported the emergence of another malware, AMOS, which also targets Mac users by cloning Ledger Live software, heightening concerns about malware threats on macOS.
In response to increasing malware threats, Apple has taken steps to enhance security. On August 6, Apple announced updates to its next-generation macOS version, making it more challenging for users to override Gatekeeper protections that control the execution of trusted applications.
This development underscores the growing need for vigilance and robust security practices among macOS users, particularly those handling sensitive financial and personal data.