CrashStealer is a new macOS infostealer that masquerades as Apple’s CrashReporter component, uses an Apple‑notarized installer to slip past Gatekeeper, tricks users into handing over their password, and then systematically loots browsers, password managers, crypto wallets, and Keychain secrets before exfiltrating them in AES‑encrypted bundles.
Researchers have been following the development of CrashStealer since May 2026. It impersonates Apple’s CrashReporter component by taking the name CrashReporter.app. It also creates a LaunchAgent named com.apple.crashreporter.helper and uses the legitimate tool’s icon and metadata to look as trustworthy as possible.
Read more…
Source: Malware Bytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- New malware targets macOS devices via OpenVSX extensions
February 3, 2026
GlassWorm, the malware campaign which targeted VS Code developers on Microsoft’s official Visual Studio Code marketplace, has now expanded to open source alternatives, experts have claimed. Recently, security researchers Socket said they discovered four extensions in Open VSX, an open, vendor-neutral marketplace for editor extensions (mainly used by developers who work with VS Code-compatible editors). These ...
- Northern Ireland: PSNI officers affected by data breach to receive £7,500
February 3, 2026
Almost 10,000 police officers and staff affected by a huge data breach in Northern Ireland are to get a payment of at least £7,500 each. The details of all the PSNI’s serving officers and civilian staff were inadvertently published as part of a response to a Freedom of Information (FOI) request in August 2023. The database ...
- Russian ransomware hackers allegedly hit Tulsa airport in cyberattack, dump private files online as proof
February 2, 2026
Russian ransomware operators Qilin have claimed to have broken into the Tulsa International Airport and stolen an unspecified amount of sensitive company data. A report from Cybernews says the group recently added the airport to their data leak site, and included 18 samples as proof of their claims. The researchers analyzed the samples, finding it included ...
- The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
February 2, 2026
Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central America, focusing on government, telecom, aviation, critical infrastructure, and media sectors. Rapid7 investigation ...
- Russia-linked APT28 attackers already abusing new Microsoft Office zero-day
February 2, 2026
Russia-linked attackers are already exploiting Microsoft’s latest Office zero-day, with Ukraine’s national cyber defense team warning that the same bug is being used to target government agencies inside the country and organizations across the EU. In an alert published on Sunday, CERT-UA says the activity is being driven by UAC-0001, better known as “APT28” or “Fancy ...
- Oregon residents health data stolen in TriZetto breach
January 31, 2026
Thousands more Oregonians will soon receive data breach letters in the continued fallout from the TriZetto data breach, in which someone hacked the insurance verification provider and gained access to its healthcare provider customers across multiple US states. The breach occurred back in November 2024, with intruders snooping through protected health information and other sensitive personal ...

