Security researchers at Cado Security have discovered a new information-stealing malware that targets Apple macOS. The malware, called Cthulhu Stealer, collects a wide range of data, including system information, iCloud Keychain passwords, other login credentials, web browser cookies, and Telegram account information.
Cthulhu Stealer also prompts victims to enter their system password as well as the password for the popular MetaMask cryptocurrency wallet. “The primary function of Cthulhu Stealer is to steal credentials and cryptocurrency wallets from various stores, including gaming accounts,” Cado Security researchers said in a report.
The researchers also noted that the malware's functionality and features look very similar to those of Atomic Stealer, which suggests that the developer of Cthulhu Stealer probably took Atomic Stealer's code and modified it. The osascript routine used to prompt for the user's password is nearly identical in both families, down to the typos.
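The osascript password prompt mentioned above is also a useful hunting signal on macOS endpoints. The following is an added example, not code from the Cado report or from either malware family: a small Python scanner that runs over constructed process-execution records and flags osascript invocations whose AppleScript opens a hidden-answer dialog, with a stronger verdict when the dialog text mentions credentials. The record layout, field names and dialog strings below are assumptions for this example, not any particular EDR's schema or the actual strings used by Cthulhu Stealer.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample of process-execution records (one per line, tab-separated):
# timestamp <TAB> parent_image <TAB> image <TAB> command_line
# The layout is an assumption for this example, not a real EDR schema,
# and the dialog strings are made up, not taken from a real sample.
SAMPLE_LOG = """\
2024-08-22T10:01:02Z\t/bin/bash\t/usr/bin/osascript\tosascript -e 'display dialog "MacOS needs to access System Settings" with title "System Preferences" default answer "" with hidden answer'
2024-08-22T10:01:05Z\t/usr/libexec/xpcproxy\t/usr/bin/osascript\tosascript -e 'tell application "Finder" to display dialog "Backup complete"'
2024-08-22T10:02:11Z\t/bin/zsh\t/usr/bin/osascript\tosascript -e 'display dialog "Enter your MetaMask password" default answer "" with hidden answer'
2024-08-22T10:03:30Z\t/bin/zsh\t/usr/bin/security\tsecurity find-generic-password -ga "user"
2024-08-22T10:04:00Z\t/Applications/Launcher.app/Contents/MacOS/Launcher\t/usr/bin/osascript\tosascript -e 'display dialog "Please enter your keychain password" with hidden answer default answer ""'
"""


@dataclass
class Finding:
    timestamp: str
    parent: str
    reason: str
    command_line: str


# A "display dialog ... with hidden answer" is the AppleScript idiom for a
# masked text field, i.e. a password prompt drawn by a script rather than
# by the OS.
HIDDEN_ANSWER = re.compile(r"display\s+dialog.*with\s+hidden\s+answer", re.I | re.S)
# Words that make a masked prompt look like credential harvesting.
CRED_WORDS = re.compile(r"password|passcode|keychain|wallet|metamask", re.I)


def scan_osascript_prompts(log_text: str) -> List[Finding]:
    """Return one Finding per osascript execution that draws a hidden-answer dialog."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, parent, image, cmd = line.split("\t", 3)
        # Only osascript executions are of interest here; other binaries
        # (e.g. `security`) would need their own rules.
        if not image.endswith("osascript"):
            continue
        hidden = HIDDEN_ANSWER.search(cmd) is not None
        if not hidden:
            continue
        if CRED_WORDS.search(cmd):
            reason = "hidden-answer dialog requesting credentials"
        else:
            reason = "hidden-answer dialog (possible password prompt)"
        findings.append(Finding(ts, parent, reason, cmd))
    return findings


if __name__ == "__main__":
    for f in scan_osascript_prompts(SAMPLE_LOG):
        print(f"{f.timestamp} parent={f.parent} {f.reason}: {f.command_line}")
```

Legitimate admin scripts also use hidden-answer dialogs, so treat a hit as a hunting lead rather than a verdict: the parent process (a shell or an app bundle launched from a disk image versus a known management agent) and what the process does next are what separate an installer from a stealer.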
Victims are typically tricked into downloading the malware because it is promoted as legitimate software or games, such as CleanMyMac, Grand Theft Auto IV, and Adobe GenP (an open-source tool that lets Adobe users bypass Creative Cloud services and activate software without a serial key).
Reportedly offered for $500 and built for both x86_64 and Arm architectures, Cthulhu Stealer compresses the collected information into a ZIP archive once it has gathered everything of interest and sends it to the command-and-control (C2) server; the exact transmission method is not known. The good news is that the malware is not very advanced and will likely be detected by most of today's best antivirus products.