CrashStealer is a new macOS infostealer that masquerades as Apple’s CrashReporter component, uses an Apple‑notarized installer to slip past Gatekeeper, tricks users into handing over their password, and then systematically loots browsers, password managers, crypto wallets, and Keychain secrets before exfiltrating them in AES‑encrypted bundles.
Researchers have been following the development of CrashStealer since May 2026. It impersonates Apple’s CrashReporter component by taking the name CrashReporter.app. It also creates a LaunchAgent named com.apple.crashreporter.helper and uses the legitimate tool’s icon and metadata to look as trustworthy as possible.
Read more…
Source: Malware Bytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hackers breached A1 Telekom, Austria’s largest ISP
June 11, 2020
A1 Telekom, the largest internet service provider in Austria, has admitted to a security breach this week, following a whistleblower’s exposé. The company admitted to suffering a malware infection in November 2019. A1 said its security team detected the malware a month later, but that removing the infection was more problematic than it initially anticipated. From December ...
- City of Knoxville shuts down network after ransomware attack
June 11, 2020
The City of Knoxville, Tennessee, was forced to shut down its entire computer network following a ransomware attack that took place overnight and targeted the city’s offices. Knoxville has a population of over 180,000, it’s Tennessee’s third-largest city after Nashville and Memphis, and it’s also part of the Knoxville Metropolitan Statistical Area, with a reported population of almost 870,000 in 2015. Read ...
- Forward-looking security analysis of smart factories [Part 3] – Trojanized libraries for industrial IoT devices
June 11, 2020
IoT devices are being incorporated more and more into smart factories. IoT devices are endpoints that have a unique IP address and that can connect to the Internet; they are expected to be used for various purposes not only in development but also in production environments, in combination with original programs developed in-house as well ...
- FBI warns of increased hacking risk if using mobile banking apps
June 10, 2020
The U.S. Federal Bureau of Investigation (FBI) today warned mobile banking app users that they will be increasingly targeted by hackers trying to steal their credentials and take over their banking accounts. The alert, published on the agency’s Internet Crime Complaint Center (IC3), says that the increased usage of such apps during the pandemic could lead to ...
- Espionage Group Hits U.S. Utilities with Sophisticated Spy Tool
June 9, 2020
The APT known as TA410 has added a modular remote-access trojan (RAT) to its espionage arsenal, deployed against Windows targets in the United States’ utilities sector. According to researchers at Proofpoint, the RAT, called FlowCloud, can access installed applications and control the keyboard, mouse, screen, files, services and processes of an infected computer, with the ability ...
- Hackers for hire targeted hundreds of institutions, says report
June 9, 2020
A hackers-for-hire group dubbed “Dark Basin” has targeted thousands of individuals and hundreds of institutions around the world, including advocacy groups, journalists, elected officials, lawyers, hedge funds, and companies, according to the Internet watchdog Citizen Lab. Researchers discovered almost 28,000 webpages created by hackers for personalized “spear phishing” attacks designed to steal passwords, according to a ...

