Copy
Trading Bots
Events
More

New Mac malware CrashStealer targets crypto wallets

2026/07/16 01:18Browse 0

CrashStealer: A new macOS infostealer disguised as Apple's crash reporter

A newly discovered macOS malware, dubbed CrashStealer, is masquerading as Apple's legitimate crash reporting tool to steal sensitive data including cryptocurrency wallets, keychain entries, and account credentials. The malware was identified by Jamf cybersecurity researchers following a suspicious upload to VirusTotal on July 13. It appears to have been under development since May and has now been released into the wild.

How the attack works

When installed, CrashStealer impersonates Apple's crash reporter using the aliases CrashReporter.dmg and CrashReporter.app, complete with a legitimate-looking icon. The malware tries to unlock the victim's keychain by displaying a fake password prompt that mimics a genuine macOS authorization request. Once credentials are entered, it validates them locally before targeting installed password managers, browsers, and cryptocurrency wallets. Stolen data is then encrypted and sent to an attacker-controlled server.

Infection vectors: .dmg files, ClickFix, and AI chatbots

Like many infostealers, CrashStealer arrives as a disk image (.dmg). In this case, the main .dmg file is distributed as "Werkbit Setup" — a signed and Apple-notarized dropper that packages the malicious CrashReporter.dmg. Because the dropper has a valid Developer ID and stapled notarization ticket, it clears Gatekeeper on first launch, making it appear trustworthy.

Another growing attack vector for macOS is the ClickFix technique, which uses social engineering to trick users into running a command prompt themselves, often with instructions to "fix" an issue or resolve a CAPTCHA. Additionally, Huntress researchers have noted that Atomic MacOS Stealer is being distributed through poisoned AI chatbot conversations, leading victims to malicious websites and payloads.

Three habits to block most macOS malware

While macOS was once considered relatively immune to malware, the rise of AI-assisted cybercrime is changing the landscape. Here are three habits that can help protect against threats like CrashStealer:

- Always check a .dmg source. You cannot know what's inside a disk image from the surface. Downloading cracked or pirated software puts you at high risk of running malware.

- Verify password requests. Gatekeeper prompts exist for a reason. If you encounter an unexpected pop-up asking for your password — especially while casually browsing — be cautious. Legitimate requests are usually tied to a specific action you initiated.

- Keep macOS updated. Many users delay updates to avoid interruptions, but these updates often include critical security patches that protect both your machine and your data.

As Jamf researchers noted, the traditional macOS attack vectors are likely to be accompanied by AI-related threats in the near future, making vigilance more important than ever.

Disclaimer: This page may contain third-party information and does not necessarily reflect BYDFi's views or opinions. This content is for general reference only and does not constitute any representation, warranty, financial advice, or investment advice. BYDFi is not responsible for any errors, omissions, or any results arising from the use of such information. Virtual asset investments involve risks. Please carefully evaluate the risks of the product and your risk tolerance based on your financial situation. For more information, please refer to our Terms of Use and Risk Disclosure.