This new macOS information stealer poses as an Apple crash reporting tool to try to steal all your valuable data


  • Jamf researchers discover “CrashStealer”, a notarized macOS information stealer disguised as Apple’s CrashReporter.
  • Distributed via a fake site called “Werkbit Setup”, it bypasses Gatekeeper, installs a LaunchAgent
  • It then uses a fake password prompt to unlock the keychain, exfiltrating credentials, cookies, files and data from 80 crypto wallets and 14 password managers.

A new macOS information stealer has been spotted in the wild, masquerading as an Apple crash reporting tool, experts have warned.

Called CrashStealer, this C++ infostealer was designed to recover login credentials, keychain information, and data related to over 80 cryptocurrency wallets.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top