برمجية "كراش ستيلر" الخبيثة تتظاهر بأنها أداة من آبل لسرقة كلمات المرور وبيانات ماك

CrashStealer, a newly documented Mac infostealer, used an Apple-notarized meeting app to reach victims before stealing passwords, browser data and cryptocurrency credentials behind a fake system prompt.
Jamf Threat Labs first spotted a suspicious sample on VirusTotal in early May and began seeing matching detections on customer Macs in early July. Further analysis traced the malware to a signed and Apple-notarized first-stage application called Werkbit, giving researchers a clearer view of how the campaign reached victims.
Werkbit carried a valid Developer ID associated with Emil Grigorov and passed Gatekeeper without an unidentified-developer warning. Apple has since revoked the signing credentials associated with the malicious application after Jamf shared its findings with the company's security team.
Jamf found no zero-click stage in the samples it analyzed. A victim still had to download and launch Werkbit, allow the delivery chain to run and enter a valid Mac password before CrashStealer could reach its most valuable targets.
Continue Reading on AppleInsider | Discuss on our Forums
CrashStealer fake password prompt
Jamf Threat Labs first spotted a suspicious sample on VirusTotal in early May and began seeing matching detections on customer Macs in early July. Further analysis traced the malware to a signed and Apple-notarized first-stage application called Werkbit, giving researchers a clearer view of how the campaign reached victims.
Werkbit carried a valid Developer ID associated with Emil Grigorov and passed Gatekeeper without an unidentified-developer warning. Apple has since revoked the signing credentials associated with the malicious application after Jamf shared its findings with the company's security team.
Jamf found no zero-click stage in the samples it analyzed. A victim still had to download and launch Werkbit, allow the delivery chain to run and enter a valid Mac password before CrashStealer could reach its most valuable targets.
Continue Reading on AppleInsider | Discuss on our Forums
الخبر متوفّر باللغات التالية:English
المصدر الأصلي للخبر
آبل إنسايدر