A new macOS information-stealing malware called CrashStealer pretends to be Apple's crash-reporting tool to steal credentials, keychain data, and crypto wallets.
Malware researchers started tracking the malware in May, when it appeared to still be in development, but observed it being used in attacks in early July.
CrashStealer has a typical infostealer capability set that seems to focus on password managers and more than 80 crypto wallet extensions.
Notarized malware dropper
The CrashStealer infostealer's binary impersonates Apple's system component by taking the name ‘CrashReporter.app,’ in an attempt to evade users’ scrutiny and potentially security tools.










