This new macOS infostealer poses as an Apple crash reporting tool to try and steal all your valuable data


  • Jamf researchers uncover “CrashStealer,” a notarized macOS infostealer disguised as Apple’s CrashReporter
  • Distributed via a fake site called “Werkbit Setup”, it bypasses Gatekeeper, installs a LaunchAgent
  • It then uses a fake password prompt to unlock Keychain, exfiltrating credentials, cookies, files, and data from 80 crypto wallets and 14 password managers

A new macOS infostealer has been spotted in the wild, masquerading as an Apple crash reporting tool, experts have warned.

Called CrashStealer, this C++ infostealer was designed to nab login credentials, keychain information, as well as data related to more than 80 cryptocurrency wallets.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *