www.malwarebytes.com 7/15/2026, 8:53:13 AM · external

CrashStealer macOS steals passwords via fake CrashReporter

CrashStealer macOS steals passwords via fake CrashReporter
CyberSIXT Evidence Panel Source marked as original reporting

A new macOS infostealer named CrashStealer has been discovered, masquerading as Apple's CrashReporter application. This malware uses a notarized installer, allowing it to bypass Apple's Gatekeeper, and tricks users into inputting their passwords through a fake password prompt. Once granted access, it steals sensitive data including browser credentials, crypto wallet information, and data from password managers, encrypting the stolen data for exfiltration.

To protect against such threats, users should avoid downloading unofficial apps, be cautious with PIN-gated installers, and maintain updated security software. CrashStealer is detected as MacOS.Stealer.Crash.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline