New CrashStealer malware poses as Apple crash reporting tool

New CrashStealer malware poses as Apple crash reporting tool
CrashStealer is a new macOS information-stealing malware that disguises itself as Apple’s CrashReporter.app to harvest credentials, Keychain data, and crypto wallet information. It spreads through a signed, notarized installer and uses a fake password prompt plus strong client-side encryption before exfiltrating stolen data. #CrashStealer #CrashReporter.app #WerkbitSetup #Jamf

Keypoints

  • CrashStealer pretends to be Apple’s CrashReporter.app to avoid suspicion.
  • It is delivered through a signed and notarized installer called Werkbit Setup.
  • A fake macOS password prompt is used to steal Keychain access.
  • The malware targets browsers, password managers, and more than 80 crypto wallet extensions.
  • Stolen data is encrypted with AES-256-GCM and sent to a command-and-control server.

Read More: https://www.bleepingcomputer.com/news/security/new-crashstealer-malware-poses-as-apple-crash-reporting-tool/