🟠 High  |  Source: The Hacker News


CrashStealer is a newly discovered macOS information-stealing malware written in native C++, distributed via a notarised dropper that allows it to bypass Apple’s Gatekeeper security controls. It validates the victim’s login password locally before exfiltrating sensitive data, making it harder to detect through behavioural analysis. Its use of Apple’s own notarisation process to gain implicit trust represents a significant escalation in macOS-targeted threat sophistication.

Security Architect’s Take: Review your macOS fleet management policies to ensure Jamf or equivalent MDM solutions are enforcing application allowlisting beyond Gatekeeper trust alone, as notarisation is no longer a sufficient trust signal. Prioritise endpoint detection tooling capable of identifying C++-based credential harvesting behaviour rather than relying solely on signature-based controls.

Original advisory: CrashStealer macOS Malware Uses Notarized Dropper to Pass Gatekeeper Checks