Mac malware CrashStealer masquerades as Apple crash reporter to steal secrets

1 min read
Source: MacRumors
Mac malware CrashStealer masquerades as Apple crash reporter to steal secrets
Photo: MacRumors
TL;DR Summary

Jamf Threat Labs warns about CrashStealer, a macOS malware that pretends to be Apple’s crash reporting tool via a fake notarized app named Werkbit. It targets over 80 cryptocurrency wallet extensions and 14 password managers (such as 1Password, LastPass, and Dashlane), searches Documents and Downloads for data, and prompts for full-disk access and a system password to access the login keychain. The stolen data is encrypted with AES-256-GCM and sent to the attacker. Apple revoked Werkbit’s signing credentials, but the attack vector shows how notarization can be abused, and the threat could reappear; users should avoid apps that prompt for a password or claim to be CrashReporter.

Share this article

Reading Insights

Total Reads

0

Unique Readers

4

Time Saved

9 min

vs 10 min read

Condensed

94%

1,939107 words

Want the full story? Read the original article

Read on MacRumors