This fake Apple app can unlock your Mac’s password vault


CrashStealer is a new macOS infostealer that masquerades as Apple’s CrashReporter component, uses an Apple‑notarized installer to slip past Gatekeeper, tricks users into handing over their password, and then systematically loots browsers, password managers, crypto wallets, and Keychain secrets before exfiltrating them in AES‑encrypted bundles.

Researchers have been following the development of CrashStealer since May 2026. It impersonates Apple’s CrashReporter component by taking the name CrashReporter.app. It also creates a LaunchAgent named com.apple.crashreporter.helper and uses the legitimate tool’s icon and metadata to look as trustworthy as possible.

Read more…
Source:  Malware Bytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Russian initial access broker who fed ransomware crews gets 81 months in US prison

    March 24, 2026

    A Russian national who sold the keys to corporate networks faces nearly seven years in a US prison after prosecutors tied his handiwork to a string of ransomware attacks costing victims millions of dollars. Aleksei Volkov, 26, was sentenced to 81 months behind bars for his role as an initial access broker, a behind-the-scenes operator who ...

  • Google Authenticator: The Hidden Mechanisms of Passwordless Authentication

    March 23, 2026

    Passwordless authentication is often presented as the end of account takeover. But to understand the real threat landscape, we need to examine how passwordless is actually deployed in the real world. Attackers do not break protocols in theory. They target the most common implementations, the places where usability, scale and architecture intersect. Focusing on one of ...

  • CVE-2026-3055: Citrix NetScaler ADC and NetScaler Gateway Out-of-Bounds Read

    March 23, 2026

    On March 23, 2026, Citrix published a security advisory for a critical vulnerability affecting their NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) products. This vulnerability, CVE-2026-3055, which is classified as an out-of-bounds read and holds a CVSS score of 9.3, allows unauthenticated remote attackers to leak potentially sensitive information from the appliance’s ...

  • Phishing campaign abuses Microsoft Azure Monitor alerts

    March 23, 2026

    Microsoft Azure Monitor is the latest in the long line of legitimate tools being abused in phishing attacks. If you are used to getting notifications from this platform, be careful, as the emails are quite convincing and relatively difficult to spot. Microsoft Azure Monitor is a cloud-based service that collects and analyzes data from applications and ...

  • Trio-Tech International hit by ransomware attack

    March 23, 2026

    Trio-Tech International initially shrugged off a ransomware attack at a Singapore subsidiary as immaterial, only to reverse course days later after discovering stolen data had been disclosed. The California-based semiconductor testing and burn-in services outfit said it detected a ransomware incident at a Singapore subsidiary on March 11, which led to the encryption of “certain files” ...

  • Three Supermicro employees charged with conspiracy to smuggle restricted Nvidia chips to China

    March 20, 2026

    A federal investigation has been launched after the US Department of Justice charged three individuals for allegedly smuggling restricted Nvidia AI chips to China. The three men were not named in court documents, however a statement released by Super Micro Computer Inc. identified those involved. The smuggling allegedly occurred between 2024 and 2025, with billions of ...