CyberSecurityBoardThreat Intel · CVEs · Products
Malware

CrashStealer: New macOS Information Stealer with Notarized Dropper

July 13, 2026

CrashStealer is a macOS information stealer discovered by Jamf Threat Labs. It uses a signed and Apple-notarized dropper to bypass Gatekeeper, validates login passwords locally, and harvests browser credentials, cryptocurrency wallet extensions, password manager data, and keychain material. Stolen data is encrypted with AES-GCM and exfiltrated via libcurl. The malware employs analysis resistance techniques such as control-flow flattening and anti-debugging.