Tag

Keychain

All articles tagged with #keychain

Mac malware CrashStealer masquerades as Apple crash reporter to steal secrets
security1 hour ago

Mac malware CrashStealer masquerades as Apple crash reporter to steal secrets

Jamf Threat Labs warns about CrashStealer, a macOS malware that pretends to be Apple’s crash reporting tool via a fake notarized app named Werkbit. It targets over 80 cryptocurrency wallet extensions and 14 password managers (such as 1Password, LastPass, and Dashlane), searches Documents and Downloads for data, and prompts for full-disk access and a system password to access the login keychain. The stolen data is encrypted with AES-256-GCM and sent to the attacker. Apple revoked Werkbit’s signing credentials, but the attack vector shows how notarization can be abused, and the threat could reappear; users should avoid apps that prompt for a password or claim to be CrashReporter.

CrashStealer macOS infostealer fakes Apple’s crash reporter to swipe credentials and crypto wallets
technology2 days ago

CrashStealer macOS infostealer fakes Apple’s crash reporter to swipe credentials and crypto wallets

A new macOS information-stealing malware named CrashStealer disguises itself as Apple’s CrashReporter to harvest Keychain data, browser credentials, and more than 80 crypto wallet extensions. Delivered via a signed, Apple-notarized dropper and launched with a fake system prompt, it exfiltrates encrypted data (AES-256-GCM) to a C2 server after collecting files from user directories. Researchers note its stealthy, self-re-signing persistence and its distinct client-side encryption and native C++ implementation, with the campaign gated behind a PIN and active since May 2026.