CrashStealer is a new macOS infostealer that masquerades as Apple’s CrashReporter component, uses an Apple‑notarized installer to slip past Gatekeeper, tricks users into handing over their password, and then systematically loots browsers, password managers, crypto wallets, and Keychain secrets before exfiltrating them in AES‑encrypted bundles.
Researchers have been following the development of CrashStealer since May 2026. It impersonates Apple’s CrashReporter component by taking the name CrashReporter.app. It also creates a LaunchAgent named com.apple.crashreporter.helper and uses the legitimate tool’s icon and metadata to look as trustworthy as possible.
Read more…
Source: Malware Bytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Model Namespace Reuse: An AI Supply-Chain Attack Exploiting Model Name Trust
September 3, 2025
Palo Alto Unit 42 research uncovered a fundamental flaw in the AI supply chain that allows attackers to gain Remote Code Execution (RCE) and additional capabilities on major platforms like Microsoft’s Azure AI Foundry, Google’s Vertex AI and thousands of open-source projects. We refer to this issue as Model Namespace Reuse. Hugging Face is a platform ...
- Jaguar Land Rover production severely hit by cyber-attack
September 2, 2025
A cyber-attack has “severely disrupted” Jaguar Land Rover (JLR) vehicle production, including at its two main UK plants. The company, which is owned by India’s Tata Motors, said it took immediate action to lessen the impact of the hack and is working quickly to restart operations. JLR’s retail business has also been badly hit at a ...
- Cookies: What they are for, associated risks, and what session hijacking has to do with it
September 2, 2025
When you visit almost any website, you’ll see a pop-up asking you to accept, decline, or customize the cookies it collects. Sometimes, it just tells you that cookies are in use by default. Kaspersky researchers randomly checked 647 websites, and 563 of them displayed cookie notifications. Most of the time, users don’t even pause to think ...
- Hackers are now hiding malware in the images served up by LLMs
August 31, 2025
As AI tools become more integrated into daily work, the security risks attached to them are also evolving in new directions. Researchers at Trail of Bits have demonstrated a method where malicious prompts are hidden inside images and then revealed during processing by large language models. The technique takes advantage of how AI platforms downscale images ...
- Storm-0501’s evolving techniques lead to cloud-based ransomware
August 29, 2025
Microsoft Threat Intelligence has observed financially motivated threat actor Storm-0501 continuously evolving their campaigns to achieve sharpened focus on cloud-based tactics, techniques, and procedures (TTPs). While the threat actor has been known for targeting hybrid cloud environments, their primary objective has shifted from deploying on-premises endpoint ransomware to using cloud-based ransomware tactics. Unlike traditional on-premises ransomware, ...
- WhatsApp fixes ‘zero-click’ bug used to hack Apple users with spyware
August 29, 2025
WhatsApp said on Friday that it fixed a security bug in its iOS and Mac apps that was being used to stealthily hack into the Apple devices of “specific targeted users.” The Meta-owned messaging app giant said in its security advisory that it fixed the vulnerability, known officially as CVE-2025-55177, which was used alongside a separate ...

