CrashStealer is a new macOS infostealer that masquerades as Apple’s CrashReporter component, uses an Apple‑notarized installer to slip past Gatekeeper, tricks users into handing over their password, and then systematically loots browsers, password managers, crypto wallets, and Keychain secrets before exfiltrating them in AES‑encrypted bundles.
Researchers have been following the development of CrashStealer since May 2026. It impersonates Apple’s CrashReporter component by taking the name CrashReporter.app. It also creates a LaunchAgent named com.apple.crashreporter.helper and uses the legitimate tool’s icon and metadata to look as trustworthy as possible.
Read more…
Source: Malware Bytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Russian hackers were behind $2.5B hack of Jaguar Land Rover
June 26, 2026
Last year, hackers attacked car giant Jaguar Land Rover (JPL), one of the U.K.’s biggest employers. The hack halted production for months and made a dent in the country’s economy. The damage was so severe that the U.K. government decided to bail out the company with a £1.5 billion (around $2 billion) payment, and estimates say the hack cost the British ...
- Beware of the license manager: how a Schneider Electric software vulnerability puts industrial facilities at risk
June 26, 2026
The CVE-2024-2658 vulnerability was discovered in 2024 within the FlexNet Publisher component of the Schneider Electric Floating License Manager. This software handles license management across various Schneider Electric products used for comprehensive industrial automation ranging from PLC programming to centralized control room implementation. This vulnerability is a CWE-427: Uncontrolled Search Path Element issue. It stems from a system ...
- Polymarket says hackers stole users’ funds
June 25, 2026
Prediction market giant Polymarket confirmed that hackers stole funds from an unspecified number of users after a third-party breach. In an X post on Thursday, Polymarket said that a compromise at a third-party vendor allowed hackers to inject malicious code into its website “for some users.” The company said it has “contained” the incident and is ...
- Self-destructing Mistic backdoor linked to access broker selling corporate footholds to ransomware gangs
June 25, 2026
A new self-destructing backdoor called Mistic used in intrusions since April appears to be linked to a criminal gang that compromises corporate networks and then sells that access to ransomware groups, according to security researchers. This backdoor, also tracked as MLTBackdoor, was first documented by Zscaler earlier this month, with the security shop suggesting the novel malware is ...
- Update Chrome to patch critical browser security flaws
June 25, 2026
Google released a security update for Chrome that fixes 18 vulnerabilities, including four rated Critical. There is no indication that any of these newly patched bugs are being actively exploited in the wild. The stable channel has been updated to 149.0.7827.196/197 for Windows and Mac and 149.0.7827.196 for Linux. The update will roll out over the coming days ...
- Almost half of ransomware victims have data stolen before they can even detect an intrusion
June 25, 2026
Criminals are getting better at hiding within their victims’ infrastructure, lurking and stealing files without triggering any alarms whatsoever. Earlier today, network detection and response experts ExtraHop released the “Global Threat Landscape Report”, based on a survey of more than 1,800 IT and security leaders worldwide. In it, it is said that roughly half (49%) of ...

