This fake Apple app can unlock your Mac’s password vault


CrashStealer is a new macOS infostealer that masquerades as Apple’s CrashReporter component, uses an Apple‑notarized installer to slip past Gatekeeper, tricks users into handing over their password, and then systematically loots browsers, password managers, crypto wallets, and Keychain secrets before exfiltrating them in AES‑encrypted bundles.

Researchers have been following the development of CrashStealer since May 2026. It impersonates Apple’s CrashReporter component by taking the name CrashReporter.app. It also creates a LaunchAgent named com.apple.crashreporter.helper and uses the legitimate tool’s icon and metadata to look as trustworthy as possible.

Read more…
Source:  Malware Bytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Vibe Hacking: Two AI-Augmented Campaigns Target Government and Financial Sectors in Latin America

    May 11, 2026

    Threat actors using AI is an unsurprising and even long-predicted developmentopen on a new tab. In a case in point, TrendAI™ Research has identified two emerging threat campaigns that used agentic AI to drive intrusion operations against government entities and financial organizations across several countries in Latin America. Though evidence suggests that the two groups are likely ...

  • Water company’s leaky security earns near-£1M fine

    May 11, 2026

    The UK’s data protection watchdog has fined South Staffordshire Water’s parent company nearly £1 million over security failings exposed by the Cl0p ransomware attack in 2022. Issuing the fine of £963,900 ($1.3 million), the Information Commissioner’s Office (ICO) said the attack exposed “significant failures in the company’s approach to data security.” The attack, claimed by Cl0p, was detected ...

  • Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access

    May 11, 2026

    Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature ...

  • Experts warn nearly half of the world’s passwords can easily be cracked in just a few minutes

    May 8, 2026

    Using real-world samples recovered from the dark web, Kaspersky researchers have tested how long it would take to crack most passwords, and found that almost half of the world’s passwords can be cracked in less than a minute. Additionally, the research shows that within an hour, that number rises to three out of five passwords. Armed with this knowledge, ...

  • Disgraced US gov software contractor found guilty of database destruction

    May 8, 2026

    A Virginia man, Sohaib Akhter, faces decades in prison after a jury convicted him of being involved in a scheme to delete approximately 96 databases containing US government data. The events of the case transpired around two weeks before the twin brothers allegedly involved were fired from their jobs at a software supplier to the US ...

  • Poland says hackers breached water treatment plants, and the US is facing the same threat

    May 8, 2026

    Poland’s intelligence service said it detected attacks on five water treatment plants where hackers could have taken control of the industrial equipment inside, including, in the worst case, tampering with the safety of the water supply. The story is relevant beyond Poland’s borders: U.S. water infrastructure has faced similar threats in recent years. In 2021, a ...