This new macOS data stealer poses as an Apple crash reporting tool to try to steal all your valuable data.



  • Jamf Researchers Discover “CrashStealer,” a Notary-Certified macOS Data Stealer Disguised as Apple’s CrashReporter
  • Distributed through a fake site called “Werkbit Setup”, bypass Gatekeeper and install a LaunchAgent
  • It then uses a fake password request to unlock the keychain, extracting credentials, cookies, files and data from 80 crypto wallets and 14 password managers.

A new macOS information thief has been detected, posing as an Apple crash reporting tool, experts have warned.

Called CrashStealer, this C++ data stealer was designed to obtain login credentials, keychain information, and data related to over 80 cryptocurrency wallets.

Leave a Comment

Your email address will not be published. Required fields are marked *