If you're a Mac user, beware of any system prompts that request your credentials in order to send reports to Apple. A new malware—dubbed CrashStealer—is posing as a legitimate crash-reporting tool while stealing keychain data, local files, and data from browsers, password managers, and crypto wallets.
This macOS infostealer, which was identified by security firm Jamf, looks like a legitimate application. It goes by "CrashReporter.app," uses a recognizable icon and metadata, and is delivered by a dropper signed and notarized by Apple. Targets can download the installer from a fake software site promoting the "Werkbit" meeting platform and requires a PIN to access. From there, installation follows a similar process to any other real app, as the campaign relies on social engineering to trick targets into adding the payload directly to their own devices. As BleepingComputer describes, its technical setup allows it to avoid detection from macOS' anti-malware tool.
Are you an Apple fan, or interested in Apple's product announcements? Lifehacker is hosting a Big Guessing Game, a free competition that invites readers to make predictions about what Apple may announce this year. The game is currently in its second round, and you can click here to enter.
When the infostealer runs, it pretends to be Apple's crash reporter, displaying a prompt that looks exactly like a macOS authorization request to make changes to system preferences. Users are asked to enter their password to allow these changes, and the malware validates the credential locally. If the password is wrong, the prompt runs again until the correct credential is supplied. With the system password, threat actors can unlock the user's Keychain and all of the encrypted data within, such as wifi and app passwords, certificates, and tokens. CrashStealer also appears to target other data on users' devices, including:
Files from Documents and Downloads folders.
Credentials and cookies from Firefox and Chromium-based browsers.
14 password managers, including popular apps like 1Password, Bitwarden, LastPass, Dashlane, NordPass, and Keeper.
80 cryptocurrency wallet extensions.
The malware is able to encrypt the stolen data, put it in a hidden ZIP archive, and upload it to attackers' servers.
How to protect your Mac from CrashStealer
It's not clear exactly how threat actors are targeting the distribution of this specific malware, but use caution when downloading and installing apps to your device, as attackers are able to run highly sophisticated campaigns that raise very few red flags. If you aren't 100% sure of the origin or legitimacy of an app or software, don't install it. If you are worried about malware running on your device, use my guide to detect and remove it.
You should also be wary of system processes that require you to enter your credentials to run—an action many of us take frequently without thinking. For CrashStealer specifically, know that crash reports and diagnostics sent to Apple do not require a password. You may be asked whether you want to provide this information, but you shouldn't need to authenticate it in any way.
Hence then, the article about your mac s next crash report might actually be malware was published today ( ) and is available on Live Hacker ( Middle East ) The editorial team at PressBee has edited and verified it, and it may have been modified, fully republished, or quoted. You can read and follow the updates of this news or article from its original source.
Read More Details
Finally We wish PressBee provided you with enough information of ( Your Mac's Next 'Crash Report' Might Actually Be Malware )
Also on site :
- How US commerce secretary's Epstein links were uncovered by British whistleblower
- Can Tire Tracks Be Seen on Bottom of Lincoln Reflecting Pool?
- Coffee Mate Brings Back Harry Potter Creamers With Magical New Flavor Fans Are Dying to Get Their Hands On
