A new macOS infostealer named CrashStealer has been discovered, masquerading as Apple's CrashReporter application. This malware uses a notarized installer, allowing it to bypass Apple's Gatekeeper, and tricks users into inputting their passwords through a fake password prompt. Once granted access, it steals sensitive data including browser credentials, crypto wallet information, and data from password managers, encrypting the stolen data for exfiltration.
To protect against such threats, users should avoid downloading unofficial apps, be cautious with PIN-gated installers, and maintain updated security software. CrashStealer is detected as MacOS.Stealer.Crash.