While macOS is generally very stable, there are times when an app will crash and your Mac will offer to send a diagnostic report to Apple.

A new form of Mac malware has been discovered, which creates fake versions of this form, requesting your Mac password as part of the data collection. If you comply, it will get access to a huge range of personal data, including your password managers and cryptocurrency wallets …

Jamf says it first began tracking the malware in May, and has now seen it in the wild.

In early May, a suspicious macOS sample uploaded to VirusTotal surfaced through our sample-processing pipeline, and Jamf Threat Labs began tracking it. It impersonated Apple’s crash reporting framework and, at that point, looked like an infostealer still in development. By early July we were seeing in-the-wild detections of the payload matching one of our in-house rules, indicating the project had matured from development into active use. We track this malware under the name CrashStealer.

The cybersecurity company says that the disk image used to distribute the malware initially had a valid Apple Developer ID and notarization that allowed it to pass Gatekeeper checks.