CrashStealer is a new macOS infostealer that masquerades as Apple’s CrashReporter component, uses an Apple‑notarized installer to slip past Gatekeeper, tricks users into handing over their password, and then systematically loots browsers, password managers, crypto wallets, and Keychain secrets before exfiltrating them in AES‑encrypted bundles.
Researchers have been following the development of CrashStealer since May 2026. It impersonates Apple’s CrashReporter component by taking the name CrashReporter.app. It also creates a LaunchAgent named com.apple.crashreporter.helper and uses the legitimate tool’s icon and metadata to look as trustworthy as possible.
Read more…
Source: Malware Bytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- How AI-Native Development Platforms Enable Fake Captcha Pages
September 19, 2025
Artificial intelligence has revolutionized web development, empowering even novice users to create professional-looking websites. Tools like Lovable enable anyone to build and host applications with little to no coding knowledge, while Netlify and Vercel position themselves as AI-native development platforms. However, cybercriminals are increasingly exploiting these services to create and host fake captcha challenge websites, which ...
- SonicWall customers told to reset credentials following firewall data breach
September 19, 2025
SonicWall is urging its firewall customers to reset their passwords after confirming it suffering a security incident which may have exposed their data. In a security announcement, SonicWall outlined how unnamed threat actors brute-forced their way into the company’s MySonicWall cloud service. This tool allows SonicWall firewall users (typically businesses and IT teams) to back up ...
- Disrupted phishing service was after Microsoft 365 credentials
September 18, 2025
Microsoft and Cloudflare have disrupted a Phishing-as-a-Service operation, known as RaccoonO365. The primary goal of RaccoonO365 (or Storm-2246 as Microsoft calls it) was to rent out a phishing toolkit that specialized in stealing Microsoft 365 credentials. They were successful in at least 5,000 cases, spanning 94 countries since July 2024. The operation provided the cybercriminals’ customers ...
- Node Package Manager Supply Chain Attack
September 18, 2025
On September 15, the Node Package Manager (NPM) repository experienced an ongoing supply chain attack, in which the attackers executed a highly targeted phishing campaign to compromise the account of an NPM package maintainer. With privileged access, the attackers injected malicious code into widely used JavaScript packages, threatening the entire software ecosystem. Notably, the attack has ...
- UK: Two teenagers charged over Transport for London cyber attack
September 18, 2025
Two teenagers have been charged in connection with a massive cyber attack which caused Transport for London (TfL) months of disruption. The National Crime Agency (NCA) says it believes the hack – which began on 31 August last year – was carried out by members of the cyber-criminal group, Scattered Spider. Thalha Jubair, 19, from east ...
- Google Releases Security Update for Chrome
September 18, 2025
Google has released version 140.0.7339.185/.186 for Chrome for Windows and Mac and 140.0.7339.185 for Chrome for Linux, which will roll out over the coming days/weeks. The updates address four high severity vulnerabilities, including CVE-2025-10585, which has an exploit in the wild. CVE-2025-10585 – Type Confusion in V8 – High severity CVE-2025-10500 – Use after free in Dawn ...

