ShellCodeX Intelligence Brief
HIGH
Cybersecurity
CrashStealer macOS info stealer uses notarized dropper to evade Gatekeeper
Source headline: CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
Threat level
High
Signal strength
75/100
Source confidence
1 source
Published
2 days ago
Intelligence Summary
Jamf Threat Labs reports a new macOS information stealer dubbed CrashStealer. The malware is written in native C++ and uses a notarized dropper to pass Gatekeeper checks. It can validate the victim login password locally before proceeding. Once running on a compromised system, it targets and harvests sensitive data. Users should review macOS app provenance, watch for suspicious notarized binaries, and harden endpoints against unsigned or unexpected installers.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.
Topics
Original reporting
The Hacker News
CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
Open original source