This new macOS infostealer poses as an Apple crash reporting tool to try to steal all your valuable data


  • Jamf researchers reveal “CrashStealer”, a notarized macOS infostealer masquerading as Apple’s CrashReporter
  • Distributed via a fake site called “Werkbit Setup”, it bypasses Gatekeeper, installs a LaunchAgent
  • It then uses a fake password prompt to unlock Keychain, exfiltrating credentials, cookies, files and data from 80 crypto wallets and 14 password managers

A new macOS infostealer has been discovered in the wild disguised as an Apple crash reporting tool, experts have warned.

Called CrashStealer, this C++ infostealer is designed to find login credentials, keychain information, as well as data related to more than 80 cryptocurrency wallets.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top