‘CrashStealer’ malware poses as an Apple tool to steal passwords & Mac data
appleinsider.com Jul 13, 2026

‘CrashStealer’ malware poses as an Apple tool to steal passwords & Mac data

AI-summarised brief · reviewed before publication

CrashStealer, a new Mac infostealer, disguises itself as an Apple tool to steal passwords, browser data, and cryptocurrency credentials. It spreads via a signed, Apple-notarized app called Werkbit, which bypasses security checks. Jamf Threat Labs identified the malware in May and confirmed its presence in July. Apple revoked the app’s signing credentials after being informed. Victims must manually download and launch the app for the malware to activate.

💡 Why It Matters

  • · The use of Apple-notarized software to deliver malware shows how attackers are exploiting trusted digital signatures to bypass security.
  • · This incident highlights the risks of downloading apps outside the App Store, even if they appear legitimate.