CrashStealer analysis of client-side AES-GCM encryption and anti-analysis techniques
Technical Analysis
Summary
Hide ▲
Show ▼
Researchers published a technical analysis of CrashStealer that adds reusable detail on client-side AES-GCM encryption and layered anti-analysis behavior, making the macOS payload harder to inspect and detect. The findings show how the malware protects collected files and resists reverse engineering. Those techniques increase the effort needed to recover stolen data and build reliable detections.
Related Happenings
CrashStealer macOS information stealer activity
Malware Activity
H score10
First: 13.07.2026 20:36
Last: 13.07.2026 20:36
Sources 1
How related:
As detailed by Jamf Threat Labs, CrashStealer is a macOS infostealer designed to harvest login details, cryptocurrency wallets and any other data stored on the system or in the browser.
About this happening:
**CrashStealer** is a **macOS information-stealing malware** that was tracked in **May** and seen in attacks in **early July**. It impersonates **Apple's crash-reporting tool** by...
CrashStealer macOS information stealer activity
Malware ActivityHow related: As detailed by Jamf Threat Labs, CrashStealer is a macOS infostealer designed to harvest login details, cryptocurrency wallets and any other data stored on the system or in the browser.
About this happening: **CrashStealer** is a **macOS information-stealing malware** that was tracked in **May** and seen in attacks in **early July**. It impersonates **Apple's crash-reporting tool** by...
MiningDropper (BeatBanker) modular Android payload framework with encrypted staging
Technical Analysis
H score22
First: 24.04.2026 14:48
Last: 24.04.2026 14:48
Sources 1
About this happening:
**MiningDropper (BeatBanker)** now stands out as a **layered modular Android malware framework** that can reuse one delivery chain across **hundreds of samples**, making **static...
MiningDropper (BeatBanker) modular Android payload framework with encrypted staging
Technical AnalysisAbout this happening: **MiningDropper (BeatBanker)** now stands out as a **layered modular Android malware framework** that can reuse one delivery chain across **hundreds of samples**, making **static...
Timeline
-
13.07.2026 03:00 2 articles · 1d ago
Jamf Threat Labs details CrashStealer's client-side AES-GCM encryption
Technical Analysis UpdateJamf Threat Labs publishes a technical analysis of CrashStealer, a macOS infostealer that targets login details, cryptocurrency wallets and browser or keychain data, and documents client-side AES-GCM encryption plus control-flow flattening, encrypted strings and layered anti-debugging designed to make the malware harder to inspect and detect.
Show sources
- New MacOS Malware Exploits Legitimate Developer ID to Pose as Apple Crash Reporter — www.infosecurity-magazine.com — 14.07.2026 15:00
- New MacOS Malware Exploits Legitimate Developer ID to Pose as Apple Crash Reporter — www.infosecurity-magazine.com — 14.07.2026 15:00