CrashStealer malware abuses signed apps and fake crash-reporting prompts on macOS

CrashStealer malware abuses signed apps and fake crash-reporting prompts on macOS

CrashStealer is a new macOS infostealer that disguises itself as Apple's crash-reporting tool and uses signed or notarized components to get past Gatekeeper checks. The malware steals credentials, Keychain data, browser information, and cryptocurrency wallets, then encrypts the stolen information to make analysis harder. Researchers observed the sample in development in May and active use by early July, showing a quick transition from testing to real-world deployment. This matters because it demonstrates that macOS users can be targeted through trust in Apple's signing and notarization ecosystem rather than through obvious malicious binaries. The campaign also reflects how attackers are adapting commodity theft malware to Apple environments at higher quality. Defenders should treat signed installers and fake system utilities with the same skepticism they apply to Windows droppers.

Sources

Leave a Reply

Your email address will not be published. Required fields are marked *


Post Comment