CrashStealer is a new macOS infostealer that masquerades as Apple’s CrashReporter component, uses an Apple‑notarized installer to slip past Gatekeeper, tricks users into handing over their password, and then systematically loots browsers, password managers, crypto wallets, and Keychain secrets before exfiltrating them in AES‑encrypted bundles.
Researchers have been following the development of CrashStealer since May 2026. It impersonates Apple’s CrashReporter component by taking the name CrashReporter.app. It also creates a LaunchAgent named com.apple.crashreporter.helper and uses the legitimate tool’s icon and metadata to look as trustworthy as possible.
Read more…
Source: Malware Bytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Critical Vulnerabilities in Ivanti EPMM Exploited
February 17, 2026
Two critical zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) affecting Ivanti Endpoint Manager Mobile (EPMM) are being actively exploited in the wild, affecting enterprise mobile fleets and corporate networks. These vulnerabilities allow unauthenticated attackers to remotely execute arbitrary code on target servers, granting them full control over mobile device management (MDM) infrastructure without requiring user interaction or credentials. Read ...
- Indian pharmacy chain giant exposed customer data and internal systems
February 17, 2026
A major Indian pharmacy chain operated a flawed platform which exposed highly sensitive data of millions of users, experts have warned. DavaIndia Pharmacy, the pharmacy arm of Zota Healthcare, currently runs more than 2,300 stores across the country – however, its platform was bugged in a way that allowed unauthenticated users to create “super admin” ...
- Google patches first Chrome zero-day of the year
February 16, 2026
Google has patched a high-severity vulnerability in the Chrome browser which was apparently being used as a zero-day in the wild. In a security advisory, Google said it addressed CVE-2026-2441, a “use after free in CSS in Google Chrome prior to 145.0.7632.75”. This bug, given a severity score of 8.3/10 (high), allows threat actors to execute ...
- EU Parliament blocks AI tools over cyber, privacy fears
February 16, 2026
he European Parliament has disabled AI features on the work devices of lawmakers and their staff over cybersecurity and data protection concerns, according to an internal email seen by POLITICO. The chamber emailed its members on Monday to say it had disabled “built-in artificial intelligence features” on corporate tablets after its IT department assessed it couldn’t ...
- CVE-2024-43468: Attackers exploiting critical Microsoft bug from 2024
February 13, 2026
According to the US Cybersecurity and Infrastructure Security Agency (CISA) a SQL injection flaw in Microsoft Configuration Manager patched in October 2024 is now being actively exploited, exposing unpatched businesses and government agencies to attack. CISA added CVE-2024-43468 to its Known Exploited Vulnerabilities catalog on Thursday, setting a March 5 deadline for federal agencies to deploy the ...
- Major telco breach sees 6.2 million users have personal info leaked
February 13, 2026
Dutch telecommunications company Odido has confirmed suffering a cyberattack and losing sensitive data on millions of people. In a notice published on its website, the company says it “deeply regrets” the situation and is “fully committed” to limiting its impact. “Based on investigation, the incident concerns personal data from a customer contact system used by Odido,” ...

