ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
HIGH Cybersecurity

CrashStealer macOS info stealer uses notarized dropper to evade Gatekeeper

Source headline: CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks

Threat level High
Signal strength 75/100
Source confidence 1 source
Published 2 days ago

Intelligence Summary

Jamf Threat Labs reports a new macOS information stealer dubbed CrashStealer. The malware is written in native C++ and uses a notarized dropper to pass Gatekeeper checks. It can validate the victim login password locally before proceeding. Once running on a compromised system, it targets and harvests sensitive data. Users should review macOS app provenance, watch for suspicious notarized binaries, and harden endpoints against unsigned or unexpected installers.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.

Topics

#endpoint-security #macos #information-stealer #crashstealer #gatekeeper #notarization
Original reporting The Hacker News CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks
Open original source