Jamf Threat Labs has released its analysis of a previously undocumented macOS infostealer, dubbed “CrashStealer.” 

Written in native C++, the malware was detected in the wild in early July with the goal of harvesting data across browsers, cryptocurrency wallets, password managers, and more.

CrashStealer is delivered through a disk image that impersonates Apple’s built-in crash-reporting component, aiming to deceive victims through just a slight alteration in the impersonating application’s name. 

The report includes:

  • A Technical analysis of CrashStealer’s infection chain and persistence techniques.
  • An overview of the credentials, sensitive data and applications targeted by the malware.
  • Detection guidance, behavioral indicators and indicators of compromise (IOCs) to help security teams identify and respond to infections.

I hope you’ll help support Apple World Today by becoming a patron. Almost all our income is from Patreon support and sponsored posts. Patreon pricing ranges from $2 to $10 a month. Thanks in advance for your support. 




Article provided with permission from AppleWorld.Today