Imagine you're working on your Mac when a system prompt appears: 'An error has occurred. You need to send a report to Apple. Enter your password to authorize the shipment.' The design is identical to that of legitimate requests. But it is not. This is the modus operandi of CrashStealer, a new infostealer that masquerades as macOS bug reports to steal all your sensitive information. The threat was identified by Jamf, a firm specializing in security for Apple. The malware is distributed through fake sites that promote a meeting platform called Werkbit. The installer is signed and notarized by Apple, which bypasses the initial protections. When running it, the user is met with a common installation wizard. But once installed, the malicious application, under the name CrashReporter.app, displays a window that perfectly imitates the operating system's request for permissions. The user enters their password and the malware validates it locally; If it's incorrect, reorder it until you get the correct one. With the system password, attackers can unlock macOS Keychain, where Wi-Fi passwords, certificates, tokens, and app keys are stored. In addition, CrashStealer steals files from the Documents and Downloads folders, extracts credentials and cookies from Firefox and Chromium-based browsers, attacks 14 popular password managers such as 1Password, Bitwarden, LastPass, Dashlane, NordPass, and Keeper, and compromises more than 80 crypto wallet extensions. All the information is compressed into a hidden ZIP file and uploaded to servers controlled by the attackers. This case shows that no operating system is invulnerable. macOS has traditionally been considered more secure than Windows, but cybercriminals have stepped up their campaigns targeting Apple users. Social engineering remains the most effective vector. Companies, in particular, need to be vigilant: an employee who enters their password in a fake prompt can compromise the entire corporate network. Therefore, cybersecurity must be approached on multiple fronts: awareness, detection tools and access policies. How to protect yourself? First of all: be wary of any window that asks for the system password without a clear reason. Apple crash reports don't require authentication; they just ask if you want to send the diagnosis. They never ask for your password. Second, always verify the origin of applications. If you download software from unofficial sites or suspicious links, you're at risk. Third, keep the system up to date and use advanced security solutions. In the business field, having a team specialized in cybersecurity is essential. At Q2BSTUDIO we understand the challenges of digital security. We offer specialized services such as cybersecurity and pentesting to identify vulnerabilities before attackers do. We also develop custom applications with high protection standards, and we help companies migrate their infrastructures to cloud environments with AWS and Azure cloud services that guarantee data security. Artificial intelligence is transforming cybersecurity. With AI for business, we can develop AI agents that monitor anomalous behavior on the network, detect attack patterns, and automate responses. At Q2BSTUDIO we integrate artificial intelligence solutions and business intelligence services such as Power BI to visualize safety data in real time. We also offer process automation to streamline incident response. CrashStealer is a reminder that the sophistication of attacks is growing every day. Prevention and continuous training are the best defenses. Companies should invest in technology and trusted partners like Q2BSTUDIO, which offer a comprehensive approach: from secure software development to advanced cybersecurity and applied artificial intelligence. Don't wait to be a victim; Act now.


