A new macOS malware, named CrashStealer, is identified as posing a significant security threat by using Apple's legitimate crash-reporting component to deceive users into installing it. This infostealer captures sensitive data, including login credentials and cryptocurrency wallet information, by mimicking Apple's software. The malware is delivered via a signed disk image, which allows it to bypass macOS's Gatekeeper security.
Upon installation, it prompts users with a fake authorization request to gather passwords, employing advanced methods like AES-GCM encryption to obscure its operations. Researchers from Jamf Threat Labs have alerted Apple about the distribution of this malware, emphasizing the sophistication of its delivery and encryption mechanisms.