CrashStealer is a new macOS infostealer that masquerades as Apple’s CrashReporter component, uses an Apple‑notarized installer to slip past Gatekeeper, tricks users into handing over their password, and then systematically loots browsers, password managers, crypto wallets, and Keychain secrets before exfiltrating them in AES‑encrypted bundles.
Researchers have been following the development of CrashStealer since May 2026. It impersonates Apple’s CrashReporter component by taking the name CrashReporter.app. It also creates a LaunchAgent named com.apple.crashreporter.helper and uses the legitimate tool’s icon and metadata to look as trustworthy as possible.
Read more…
Source: Malware Bytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Informant told FBI that Jeffrey Epstein had a ‘personal hacker’
January 30, 2026
A confidential informant told the FBI in 2017 that Jeffrey Epstein had a “personal hacker,” according to a document released by the Department of Justice on Friday. The document, which was released as part of the Justice Department’s legally required effort to publish documents related to its investigation into the late sex offender, does not identify ...
- North Korean Labyrinth Chollima is morphing into three separate entities
January 30, 2026
One of the largest and most successful North Korean state-sponsored threat actors has split into three separate entities, each with their own tactics, malware tools, targets, and goals, experts have warned. In a recent in-depth analysis, researchers from CrowdStrike expalined the move is a strategic evolution to make Labyrinth Chollima cyberattacks more efficient, and that the ...
- Match, Hinge, OkCupid, and Panera Bread breached by ransomware group
January 30, 2026
The ShinyHunters ransomware group has claimed the theft of data containing 10 million records belonging to the Match Group and 14 million records from bakery-café chain Panera Bread. The Match Group, that runs multiple popular online dating services like Tinder, Match.com, Meetic, OkCupid, and Hinge has confirmed a cyber incident and is investigating the data breach. ...
- Marquis confirms data breach, point finger of blame at SonicWall firewall
January 30, 2026
Marquis, a US fintech company building software for banks and credit unions, has confirmed suffering a ransomware attack and losing sensitive customer data, but shifted the blame onto its firewall provider, SonicWall. In mid-September 2025, SonicWall warned its firewall customers to reset their passwords after unnamed threat actors brute-forced their way into the company’s MySonicWall ...
- Ivanti patched two critical zero-day vulnerabilities in EPMM
January 30, 2026
Ivanti has patched two critical zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) product that are already being exploited, continuing a grim run of January security incidents for enterprise IT vendors. In January 2025, tens of thousands were urged to patch a Fortinet zero-day, while Ivanti customers were doing the same. There has been little change ...
- Supply chain attack on eScan antivirus: detecting and remediating malicious updates
January 29, 2026
On January 20, a supply chain attack has occurred, with the infected software being the eScan antivirus developed by an Indian company MicroWorld Technologies. The previously unknown malware was distributed through the eScan update server. The same day, our security solutions detected and prevented cyberattacks involving this malware. On January 21, having been informed by Morphisec, ...

