By Interestana AI Editorial — AI-drafted, human-overseen. How we report
CrashStealer macOS Malware Bypasses Gatekeeper Using Notarized Dropper

Cybersecurity researchers have identified a new macOS information stealer malware, dubbed CrashStealer, capable of extracting sensitive data from infected systems. This malware distinguishes itself from previous threats by utilizing a native C++ implementation, rather than relying on AppleScript droppers or Objective-C wrappers, as reported by Jamf Threat Labs. The malware's design includes a local validation of the victim's login password before proceeding with its malicious operations.
Jamf Threat Labs detailed that CrashStealer leverages a notarized macOS application bundle as its dropper. Notarization is Apple's automated process for scanning Mac apps for malicious content, and when an app is notarized, it is allowed to run on macOS systems with default security settings enabled. By using a notarized dropper, CrashStealer can bypass Apple's Gatekeeper security feature, which is designed to prevent users from running potentially harmful software downloaded from the internet. This allows the malware to be installed and executed without triggering immediate security alerts.
Once executed, CrashStealer targets a range of sensitive information. Its capabilities include stealing browser credentials, cryptocurrency wallet data, and system configuration details. The malware is designed to exfiltrate this data to a remote command-and-control (C2) server. Researchers noted that the malware's persistence mechanisms are still under investigation, but its ability to bypass Gatekeeper and harvest critical user data presents a significant threat to macOS users. The use of native C++ suggests a more sophisticated and potentially faster execution compared to script-based malware.
The discovery of CrashStealer highlights an ongoing cat-and-mouse game between malware developers and Apple's security measures. While Apple continuously updates its security protocols, threat actors adapt by finding new ways to exploit vulnerabilities or circumvent existing protections. The reliance on a notarized dropper is a tactic that has been observed in other macOS malware campaigns, indicating a trend towards more advanced evasion techniques. Users are advised to maintain updated macOS versions and exercise caution when downloading and installing applications from untrusted sources.
Original source — read the full reporting at the publisher:
Read on The Hacker NewsGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.