CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

Summary

Cybersecurity researchers have identified a new macOS information stealer named CrashStealer, which is written in native C++. This malware utilizes a notarized dropper to bypass Apple's Gatekeeper security checks, allowing it to harvest sensitive data from infected systems.

IFF Assessment

FOE

The discovery of new malware like CrashStealer poses a direct threat to users and their sensitive data, making it bad news for defenders.

Defender Context

Defenders should be aware of new macOS malware families such as CrashStealer that leverage legitimate-looking distribution methods like notarized droppers. Monitoring for unusual application behavior and ensuring endpoint security solutions are up-to-date are crucial steps to mitigate the risk of information stealers.

Read Full Story →