Recent reports emerge showing infections in Mac computers—particularly from active crypto users. Two striking presence of malware in this case are the Banshee Stealer and the Cthulhu Stealer, developed to deceive users into transferring sensitive information, more like passwords and credentials to cryptocurrency wallets.
The Banshee Stealer, as detected by Elastic Labs, is potent malware with various functions. It collects sensitive information, such as browsing history, cookies, and login information from applications like Microsoft Edge, Google Chrome, Mozilla Firefox, as well as numerous cryptocurrency wallets such as Electrum and Coinomi.
The malware uses several deceiving techniques, like streamlining the fraudulent password-prompt view to stimulate real system behavior for a better trap of the real password from the innocent user. It can also check the main working language and does not infect the computer if it is set to Russian.
Cthulhu Stealer Malware
First spotted a few months ago, the Cthulhu Stealer is marketed as malware-for-hire for a measly $500 per month. Usually, this Trojan will masquerade as a piece of legitimate software, which it tricks users into downloading and installing, typically under the name CleanMyMac or Adobe GenP.
The said malware variant runs on both Intel and Apple Silicon Macs. After the first launch, it will request the user’s system password and then the MetaMask wallet password. On the victim’s machine, it scrapes massive personal data, from iCloud Keychain entries to cookies of various web browsers, and sends these to a command-and-control server.
Protecting Crypto Against Malware Threats
Users have to be extremely careful with downloading software and they should only install it from trusted locations. Verify the authenticity of applications before installation. Enabling security features, such as keeping macOS up to date with the latest security patches and using antivirus software, can provide improved protection.
Image: The KR Group
As an additional measure, they suggest the practice of reviewing internet accounts periodically in order to detect intrusion and the use of strong, unique passwords, as well as two-factor authentication where possible.
The company is now fighting back against such threats with new, improved security within macOS Sequoia, which will no longer allow users to open software that lacks the right signature or isn’t notarized just by Control-clicking on it to bypass Gatekeeper.
Instead, they will have to proceed into System Settings and view the security information about it before using the software. With malware for Macs becoming one of the fastest in development, especially in relation to cryptocurrency, vigilance and proactive security practice become very vital in the protection of personal data.
Traditionally, Macs have been considered the less vulnerable machines compared with the Windows peers, but the recent past, which has seen attacks surge in, is a pointer to the fact that no system is completely safe. Staying informed and embracing proper security practices will significantly enhance resilience to such emerging threats for all Mac users.
Featured image from Pexels, chart from TradingView
