This macOS infostealer, which was identified by security firm Jamf, looks like a legitimate application. It goes by "CrashReporter.app," uses a recognizable icon and metadata, and is delivered by a dropper signed and notarized by Apple. Targets can download the installer from a fake software site promoting the "Werkbit" meeting platform and requires a PIN to access. From there, installation follows a similar process to any other real app, as the campaign relies on social engineering to trick targets into adding the payload directly to their own devices. As BleepingComputer describes, its technical setup allows it to avoid detection from macOS' anti-malware tool.
When the infostealer runs, it pretends to be Apple's crash reporter, displaying a prompt that looks exactly like a macOS authorization request to make changes to system preferences. Users are asked to enter their password to allow these changes, and the malware validates the credential locally. If the password is wrong, the prompt runs again until the correct credential is supplied. With the system password, threat actors can unlock the user's Keychain and all of the encrypted data within, such as wifi and app passwords, certificates, and tokens. CrashStealer also appears to target other data on users' devices, including:
Credentials and cookies from Firefox and Chromium-based browsers.
80 cryptocurrency wallet extensions.
How to protect your Mac from CrashStealer
It's not clear exactly how threat actors are targeting the distribution of this specific malware, but use caution when downloading and installing apps to your device, as attackers are able to run highly sophisticated campaigns that raise very few red flags. If you aren't 100% sure of the origin or legitimacy of an app or software, don't install it. If you are worried about malware running on your device, use my guide to detect and remove it.
You should also be wary of system processes that require you to enter your credentials to run—an action many of us take frequently without thinking. For CrashStealer specifically, know that crash reports and diagnostics sent to Apple do not require a password. You may be asked whether you want to provide this information, but you shouldn't need to authenticate it in any way.
Hence then, the article about your mac s next crash report might actually be malware was published today ( ) and is available on Live Hacker ( Middle East ) The editorial team at PressBee has edited and verified it, and it may have been modified, fully republished, or quoted. You can read and follow the updates of this news or article from its original source.
Read More Details
Finally We wish PressBee provided you with enough information of ( Your Mac's Next 'Crash Report' Might Actually Be Malware )
Also on site :