CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

A

Admin User

Administrator of InfoSecCenter. Passionate about cybersecurity, information security, and technology.

CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
Save

A newly discovered macOS malware variant demonstrates how threat actors continue to evolve their techniques to bypass Apple's security protections. Dubbed "CrashStealer," this information-stealing malware represents a concerning development in the Mac threat landscape, leveraging Apple's own security infrastructure against users to harvest sensitive data from compromised systems.

According to researchers at Jamf Threat Labs, CrashStealer stands apart from typical macOS information stealers due to its implementation in native C++, rather than relying on more common AppleScript droppers or Objective-C wrappers. This technical approach suggests a sophisticated development effort focused on creating an efficient and stealthy malicious payload. Perhaps most alarmingly, the malware employs a notarized dropper to circumvent Gatekeeper checks—effectively abusing Apple's notarization system, which is designed to verify that software comes from trusted developers and hasn't been tampered with.

The discovery of CrashStealer affects all macOS users

Share

Shares: 0
LinkedIn WhatsApp Pinterest Print

You might also like

Comments (0)

Leave a Comment

No comments yet. Be the first to comment!