آموزش

Your Mac's Next 'Crash Report' Might Actually Be Malware

If you’re a Mac user, beware of any system prompts that request your credentials in order to send reports to Apple. A new malware—dubbed CrashStealer—is posing as a legitimate crash-reporting tool while stealing keychain data, local files, and data from browsers, password managers, and crypto wallets.

CrashStealer impersonates Apple on macOS

This macOS infostealer, which was identified by security firm Jamf, looks like a legitimate application. It goes by “CrashReporter.app,” uses a recognizable icon and metadata, and is delivered by a dropper signed and notarized by Apple. Targets can download the installer from a fake software site promoting the “Werkbit” meeting platform and requires a PIN to access. From there, installation follows a similar process to any other real app, as the campaign relies on social engineering to trick targets into adding the payload directly to their own devices. As BleepingComputer describes, its technical setup allows it to avoid detection from macOS’ anti-malware tool.


Are you an Apple fan, or interested in Apple’s product announcements? Lifehacker is hosting a Big Guessing Game, a free competition that invites readers to make predictions about what Apple may announce this year. The game is currently in its second round, and you can click here to enter.


When the infostealer runs, it pretends to be Apple’s crash reporter, displaying a prompt that looks exactly like a macOS authorization request to make changes to system preferences. Users are asked to enter their password to allow these changes, and the malware validates the credential locally. If the password is wrong, the prompt runs again until the correct credential is supplied. With the system password, threat actors can unlock the user’s Keychain and all of the encrypted data within, such as wifi and app passwords, certificates, and tokens. CrashStealer also appears to target other data on users’ devices, including:

  • Files from Documents and Downloads folders.

  • Credentials and cookies from Firefox and Chromium-based browsers.

  • 14 password managers, including popular apps like 1Password, Bitwarden, LastPass, Dashlane, NordPass, and Keeper.

  • 80 cryptocurrency wallet extensions.

The malware is able to encrypt the stolen data, put it in a hidden ZIP archive, and upload it to attackers’ servers.

How to protect your Mac from CrashStealer

It’s not clear exactly how threat actors are targeting the distribution of this specific malware, but use caution when downloading and installing apps to your device, as attackers are able to run highly sophisticated campaigns that raise very few red flags. If you aren’t 100% sure of the origin or legitimacy of an app or software, don’t install it. If you are worried about malware running on your device, use my guide to detect and remove it.

You should also be wary of system processes that require you to enter your credentials to run—an action many of us take frequently without thinking. For CrashStealer specifically, know that crash reports and diagnostics sent to Apple do not require a password. You may be asked whether you want to provide this information, but you shouldn’t need to authenticate it in any way.

منبع آموزش

ZaKi

Who is mahdizk? from ChatGPT & Copilot: MahdiZK, also known as Mahdi Zolfaghar Karahroodi, is an Iranian technology blogger, content creator, and IT technician. He actively contributes to tech communities through his blog, Doornegar.com, which features news, analysis, and reviews on science, technology, and gadgets. Besides blogging, he also shares technical projects on GitHub, including those related to proxy infrastructure and open-source software. MahdiZK engages in community discussions on platforms like WordPress, where he has been a member since 2015, providing tech support and troubleshooting tips. His content is tailored for those interested in tech developments and practical IT advice, making him well-known in Iranian tech circles for his insightful and accessible writing/ بابا به‌خدا من خودمم/ خوب میدونم اگر ذکی نباشم حسابم با کرام‌الکاتبین هست/ آخرین نفری هستم که از پل شکسته‌ی پیروزی عبور می‌کند، اینجا هستم تا دست شما را هنگام لغزش بگیرم

نوشته های مشابه

دیدگاهتان را بنویسید

نشانی ایمیل شما منتشر نخواهد شد. بخش‌های موردنیاز علامت‌گذاری شده‌اند *

همچنین ببینید
بستن
دکمه بازگشت به بالا