Jamf Threat Labs has released its analysis of a previously undocumented macOS infostealer, dubbed “CrashStealer.”
Written in native C++, the malware was detected in the wild in early July with the goal of harvesting data across browsers, cryptocurrency wallets, password managers, and more.
CrashStealer is delivered through a disk image that impersonates Apple’s built-in crash-reporting component, aiming to deceive victims through just a slight alteration in the impersonating application’s name.
The report includes:
- A Technical analysis of CrashStealer’s infection chain and persistence techniques.
- An overview of the credentials, sensitive data and applications targeted by the malware.
- Detection guidance, behavioral indicators and indicators of compromise (IOCs) to help security teams identify and respond to infections.
I hope you’ll help support Apple World Today by becoming a patron. Almost all our income is from Patreon support and sponsored posts. Patreon pricing ranges from $2 to $10 a month. Thanks in advance for your support.
Article provided with permission from AppleWorld.Today