Jamf Threat Labs first spotted CrashStealer in early May 2026 as a suspicious macOS sample uploaded to VirusTotal. By early July, in-the-wild detections confirmed the malware had moved from development into active deployment. The malware is written in native C++, impersonates Apple’s built-in crash-reporting framework, and encrypts everything it collects before sending it out. Most commodity macOS...
