Monday, July 13, 2026
News

Jamf Threat Labs releases analysis of macOS info stealer dubbed ‘CrashStealer’

Jamf Threat Labs has released its analysis of a previously undocumented macOS infostealer, dubbed “CrashStealer.” 

Jamf Threat Labs has released its analysis of a previously undocumented macOS infostealer, dubbed “CrashStealer.” 

Written in native C++, the malware was detected in the wild in early July with the goal of harvesting data across browsers, cryptocurrency wallets, password managers, and more.

CrashStealer is delivered through a disk image that impersonates Apple’s built-in crash-reporting component, aiming to deceive victims through just a slight alteration in the impersonating application’s name. 

The report includes:

  • A Technical analysis of CrashStealer’s infection chain and persistence techniques.
  • An overview of the credentials, sensitive data and applications targeted by the malware.
  • Detection guidance, behavioral indicators and indicators of compromise (IOCs) to help security teams identify and respond to infections.

I hope you’ll help support Apple World Today by becoming a patron. Almost all our income is from Patreon support and sponsored posts. Patreon pricing ranges from $2 to $10 a month. Thanks in advance for your support. 

Dennis Sellers
the authorDennis Sellers
Dennis Sellers is the editor/publisher of Apple World Today. He’s been an “Apple journalist” since 1995 (starting with the first big Apple news site, MacCentral). He loves to read, run, play sports, and watch movies.

Leave a Reply