CrashStealer macOS Malware Bypasses Gatekeeper via Notarized Dropper
CrashStealer is a macOS information stealer implemented in native C++ that bypasses Apple's Gatekeeper checks using a notarized dropper, enabling it to collect sensitive data from browsers, cryptocurrency wallets, and keychains. The malware employs AES-GCM encryption and analysis-resistant techniques like control-flow flattening to exfiltrate stolen data securely.
Cybersecurity researchers have flagged a new macOS information stealer called CrashStealer that's capable of harvesting sensitive data from compromised systems.
Unlike other information stealers that are built on AppleScript droppers or Objective-C-based wrappers, CrashStealer is implemented in native C++, according to Jamf Threat Labs.
"It validates the victim's login password locally before
*** END OF TRANSMISSION ***