HomeWorldUSALatin AmericaEuropeAsiaAfricaTV ShowsShowbizTravelLifestyleOpinionSciencePoliticsHealthSportsTechEntertainmentBusiness
Tech July 14, 2026

CrashStealer Mac malware targets passwords, poses new threat

CrashStealer Mac malware targets passwords, poses new threat

Researchers have uncovered a new macOS malware strain called CrashStealer, designed to capture passwords and browser data from infected systems.

Initial activity was observed in early May as a developing infostealer, with full deployment confirmed by early July. The malware disguises itself as Apple’s native crash reporting tool to deceive users.

CrashStealer is delivered through a seemingly benign meeting application named Werkbit. The dropper carries a valid Apple notarization ticket and developer identifier, giving it an appearance of legitimacy.

CrashStealer password prompt from Jamf Threat Labs

Upon execution, the dropper retrieves a disk image titled CrashReporter.dmg, which contains the CrashReporter.app bundle. The application presents a password prompt that mimics the standard “System Preferences wants to make changes” dialog, complete with Apple‑style graphics.

After gaining access, the malware scans for data across a wide range of browsers—including Brave, Chrome, Edge, Opera and Vivaldi—as well as cryptocurrency wallets such as MetaMask, Coinbase and Phantom, and popular password managers like 1Password, Bitwarden and LastPass.

Apple has revoked the compromised developer credentials to hinder further distribution. Users should remain vigilant for unexpected system password requests and avoid installing software from unverified sources.

Share this article

UMVA MAG

UMVA Mag is your trusted source for breaking news, in-depth analysis, and compelling stories from around the world. Covering politics, business, technology, entertainment, sports, health, science, and more — we deliver journalism that matters.

Independent, Accurate, Unbiased
24/7 Breaking News Coverage
Trusted by Millions Worldwide