This fake Apple app can unlock your Mac’s password vault


CrashStealer is a new macOS infostealer that masquerades as Apple’s CrashReporter component, uses an Apple‑notarized installer to slip past Gatekeeper, tricks users into handing over their password, and then systematically loots browsers, password managers, crypto wallets, and Keychain secrets before exfiltrating them in AES‑encrypted bundles.

Researchers have been following the development of CrashStealer since May 2026. It impersonates Apple’s CrashReporter component by taking the name CrashReporter.app. It also creates a LaunchAgent named com.apple.crashreporter.helper and uses the legitimate tool’s icon and metadata to look as trustworthy as possible.

Read more…
Source:  Malware Bytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • You Thought It Was Over? Authentication Coercion Keeps Evolving

    November 10, 2025

    Imagine a scenario where malicious actors don’t need to trick you into giving up your password. They have no need to perform sophisticated social engineering attacks or exploit vulnerabilities in your operating system.Instead, they can simply force your computer to authenticate to an attacker-controlled system, effectively commanding your machine to hand over valuable credentials. This attack ...

  • Industrial computing systems at risk from “time bombs ” in malicious NuGet packages

    November 10, 2025

    Thousands of critical infrastructure organizations, as well as those working in other, equally important verticals, were targeted by a perfidious attack that sought to sabotage their industrial control devices (ICD) two years down the line, experts have discovered. Cybersecurity researchers Socket recently found nine packages on NuGet that contained sabotage payloads set to activate in 2027 ...

  • Threat Landscape of the Building and Construction Sector: IA, Supply Chain, and IoT

    November 7, 2025

    In 2025, the construction industry stands at the crossroads of digital transformation and evolving cybersecurity risks, making it a prime target for threat actors. Cyber adversaries, including ransomware operators, organized cybercriminal networks, and state-sponsored APT groups from countries such as China, Russia, Iran, and North Korea, are increasingly focusing their attacks on the building and construction ...

  • LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices

    November 7, 2025

    Unit 42 researchers have uncovered a previously unknown Android spyware family, which we have named LANDFALL. To deliver the spyware, attackers exploited a zero-day vulnerability (CVE-2025-21042) in Samsung’s Android image processing library. The specific flaw LANDFALL exploited, CVE-2025-21042, is not an isolated case but rather part of a broader pattern of similar issues found on multiple ...

  • Hyundai IT services breach could put 2.7 million Hyundai, Kia owners in the US at risk

    November 7, 2025

    Hyundai AutoEver America (HAEA), the carmaker’s IT-services subsidiary servicing the North American region, has confirmed suffering a cyberattack and lost sensitive customer data as a result. In a data breach notification letter recently sent out to affected individuals, HAEA explained that the attack began on February 22, 2025, and lasted until March 2, when the attackers ...

  • U.S. Congressional Budget Office confirms it was hacked

    November 7, 2025

    The U.S. Congressional Budget Office has confirmed it was hacked. Caitlin Emma, a spokesperson for CBO, told TechCrunch on Friday that the agency is investigating the breach and “has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency’s systems ...