Connect with us

CyberSecurity

CrashStealer: New macOS Malware Uses Notarized Dropper to Evade Apple’s Gatekeeper

Published

on

CrashStealer macOS malware

A Stealthy New Player in macOS Threats

Cybersecurity researchers have uncovered a fresh macOS information stealer dubbed CrashStealer. Unlike many of its peers that lean on AppleScript droppers or Objective-C wrappers, this one is built in native C++. That alone makes it stand out — and more dangerous.

According to Jamf Threat Labs, CrashStealer doesn’t just skim data passively. It validates the victim’s login password locally before proceeding. If the password doesn’t match, the malware simply stops. That’s a level of caution rarely seen in commodity stealers.

The big headline? CrashStealer passed Apple’s notarization checks, meaning it briefly wore a badge of trust before being flagged. That’s a sobering reminder that notarization is not a guarantee of safety.

How CrashStealer Bypasses Gatekeeper

Apple’s Gatekeeper is designed to block unsigned or untrusted code from running on macOS. But CrashStealer’s developers got their payload notarized by Apple — a process meant to verify that software is free of known malicious components.

How? The dropper itself appeared clean. It was only the second-stage payload that carried the malicious logic. Once the notarized installer ran, it fetched the real stealer from a remote server, entirely bypassing the initial Gatekeeper scan.

This technique, sometimes called a “notarized dropper,” exploits a gap: Apple checks the outer package but doesn’t re-verify dynamically downloaded code. For attackers, it’s a clean way to get a foothold on a locked-down Mac.

The C++ Advantage

Most macOS malware relies on scripting languages like AppleScript or higher-level wrappers in Objective-C. CrashStealer’s use of native C++ gives it several advantages:

  • Smaller binary size, making it harder to spot via heuristics
  • Lower-level system access, useful for keylogging and credential theft
  • Better evasion of signature-based detection tools

Jamf researchers noted that the malware’s code is lean and avoids common macOS API calls that antivirus engines monitor. That’s a deliberate design choice — and it works.

What Data Does CrashStealer Harvest?

Once active, CrashStealer goes after a broad set of sensitive information. Its targets include:

  • Login passwords and keychain data
  • Browser cookies and saved credentials
  • Cryptocurrency wallet files
  • System information and installed application lists
  • iCloud tokens, if accessible

The stolen data is exfiltrated to a command-and-control server. Researchers haven’t yet confirmed the full scope of victims, but the malware’s design suggests a broad, indiscriminate targeting strategy — not a narrow espionage campaign.

What This Means for Mac Users

For years, Mac users enjoyed a reputation for relative safety compared to Windows. That’s changing. macOS-specific malware like CrashStealer, Mac ransomware, and info-stealers targeting Apple systems are on the rise.

The fact that CrashStealer passed notarization is particularly troubling. It means users who trust Apple’s stamp of approval can still be compromised. The lesson: don’t rely solely on Apple’s security checks. Practice the same caution you would on any other platform.

If you’re a Mac user, consider these steps:

  • Only download software from official developer websites, not third-party mirrors
  • Keep macOS and all apps updated
  • Use a reputable endpoint security tool that monitors for unusual behavior
  • Enable FileVault encryption to protect data at rest
  • Be skeptical of unexpected password prompts — CrashStealer asks for your login password

Detection and Mitigation

Jamf Threat Labs has published indicators of compromise (IoCs) for CrashStealer, including known C2 domains and file hashes. Security teams can use these to scan for infections.

Apple has since revoked the notarization ticket for the malicious dropper, so new installations should now trigger Gatekeeper warnings. But existing infections remain active until cleaned.

For individuals, a full system scan with an updated antivirus tool is the first step. If you suspect compromise, change all passwords from a clean device and enable two-factor authentication wherever possible.

CrashStealer is a wake-up call. macOS notarization is a useful security layer — but it’s not bulletproof. Treat every download with a healthy dose of skepticism, even if Apple gave it a thumbs-up.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

CyberSecurity

Google and Microsoft Yank ModHeader Extension With 1.6 Million Users After Hidden Collector Discovered

Published

on

ModHeader extension pulled

ModHeader Extension Yanked After Dormant Data Collector Found

Google and Microsoft have both pulled the popular ModHeader extension pulled from their official stores. The header-editing tool, which had roughly 1.6 million installs across Google Chrome and Microsoft Edge, was removed after security researchers uncovered a hidden browsing-history collector buried in its code.

The collector was dormant. An empty allow-list kept it switched off, and no proof has emerged that it ever gathered or sent a single browsing domain. But its mere presence was enough to trigger a takedown from both companies.

What ModHeader Did — and What Got Hidden Inside

ModHeader let developers and power users modify HTTP request headers on the fly. It was a niche but essential tool for testing web apps, debugging APIs, and spoofing headers for development work. Many users installed it years ago and never thought twice about it.

Then researchers at BleepingComputer took a closer look at the extension’s code. They found a function that could collect domains from a user’s browsing history and send them to a remote server. The collector was gated by an allow-list — a list of domains it would actually track. That list was empty.

Empty or not, the code was there. And once you ship code that can exfiltrate data, the damage to trust is done.

1.6 Million Installs — But No Evidence of Data Theft

Here’s the tricky part. The collector was never active. No domains were ever sent. The extension’s developer likely inserted the code as a placeholder for future functionality — or maybe as a test that got accidentally pushed to the store. Either way, it violated each store’s policies against unauthorized data collection.

Google’s Chrome Web Store policy is clear: extensions must only request permissions they actually use. Code that could collect browsing history, even if dormant, is a red flag. Microsoft’s Microsoft Edge Add-ons policy is similarly strict.

Both companies acted fast. The extension was removed within days of the report. Users who already have ModHeader installed can still use it, but it won’t receive updates. And it won’t be available for new installs.

What This Means for Extension Developers

This incident is a sharp reminder: if you include code that can collect user data — even if it’s switched off — you’re playing with fire. Store reviewers are getting better at spotting suspicious patterns. And researchers are constantly scanning popular extensions for hidden functionality.

For users, the lesson is simpler. ModHeader extension pulled from stores doesn’t mean it’s safe to keep using. If you have it installed, consider whether you trust the developer to never flip that switch. Many users are already looking for alternatives like Requestly or Header Editor.

  • Check your installed extensions regularly.
  • Remove anything you don’t actively use.
  • Stick to well-known developers with transparent privacy policies.

Alternatives to ModHeader

If you relied on ModHeader for development work, you’re not stranded. Several alternatives offer similar header-editing capabilities:

  • Requestly — open-source, actively maintained, with a clear privacy policy.
  • Header Editor — lightweight and focused on modifying request and response headers.
  • Modify Headers — another solid option for HTTP header manipulation.

Each of these tools has been vetted by the community. None have hidden data collectors — at least, not yet. That’s the uncomfortable truth about browser extensions: you’re trusting the developer every time you click “Add to Chrome.”

The Bigger Picture: Trust in Browser Extensions

The ModHeader case isn’t an isolated incident. In 2023, Google removed dozens of extensions caught stealing user data. In 2024, a popular ad-blocker was found to be quietly sending browsing data to a marketing firm. The pattern keeps repeating.

Browser extensions are powerful. They can see everything you do — every page you visit, every form you fill, every password you type. That power makes them a prime target for bad actors. And even well-intentioned developers can make mistakes that compromise user privacy.

The ModHeader extension pulled story is a cautionary tale. It shows how quickly trust can evaporate. And it underscores why you should treat every extension as a potential risk — even one with 1.6 million installs and years of good reputation.

For now, the collector remains dormant. But the code is still there. And that’s enough to make anyone think twice.

Continue Reading

CyberSecurity

Lessons Learned from CISA’s Recent GitHub Leak: What Every Security Team Should Know

Published

on

CISA GitHub leak

The 844 MB Wake-Up Call

On May 15, 2026, security firm GitGuardian spotted something alarming: a public GitHub repository named “Private CISA” containing 844 MB of sensitive data from the Cybersecurity and Infrastructure Security Agency (CISA). Inside sat files like “importantAWStokens” — administrative credentials to three AWS GovCloud servers — and a CSV listing plaintext usernames and passwords for dozens of internal CISA systems.

The repository had been public for nearly six months before KrebsOnSecurity alerted the agency. CISA’s own postmortem, published by acting CIO Preston Werntz and acting CISO Brad Libbey, doesn’t sugarcoat what went wrong. It’s a rare, transparent look at how a national cybersecurity agency fumbled its own security — and what every organization can learn from the mess.

Key Rotation Took Too Long

CISA acknowledged the alert quickly, but invalidating the exposed AWS keys and other secrets took more than 48 hours. The agency blamed the delay on “complexities of the agency’s systems and interconnections with federal and industry partners.”

The lesson is blunt: key rotation must be fast and well-practiced. CISA now recommends that all organizations maintain “mature and well-tested key management capabilities.” If rotating a compromised credential takes two days, an attacker has a wide window to cause damage.

Why Speed Matters

Every hour a credential stays live increases risk. The postmortem doesn’t say whether the exposed keys were used maliciously, but it does confirm that detailed logs showed no unauthorized access. That’s lucky — not a strategy.

Nine Ignored Alerts, Six Months of Exposure

Guillaume Valadon, the GitGuardian researcher who first contacted KrebsOnSecurity, revealed a damning detail: CISA had received nine automated alerts about the exposed credentials before the May 15 notification. Each alert went unanswered.

“Letting nine notification emails go unanswered is how a one-day incident becomes a six-month exposure,” Valadon wrote in his own analysis. His point is sharp: automated scanning is useless if nobody reads the reports.

Organizations should configure alerts to escalate if ignored. A single unread email shouldn’t leave sensitive data exposed for half a year.

Reporting Channels Were a Maze

When Valadon tried to report the leak, he hit dead ends. CISA’s vulnerability disclosure platform was designed for product bugs, not reports about the agency’s own infrastructure. He ended up emailing the contractor who leaked the data, submitting through the wrong channel, and eventually going to a reporter.

The postmortem admits these channels “were not well defined.” CISA is now refining them to make reporting faster and easier. The agency also stresses that organizations should publish reporting instructions in multiple prominent locations — not just a security.txt file.

Valadon’s advice: “Make it trivial to report a leak about you, not just about your products. The person reporting a leak to you is not the threat.”

The Playbook Didn’t Cover GitHub

CISA had an incident response playbook, but it somehow didn’t include scenarios involving GitHub or other cloud services. That gap meant the team had to improvise when dealing with a public repository full of their own secrets.

The lesson is straightforward: incident response playbooks must cover modern attack surfaces. Cloud repositories, CI/CD pipelines, and third-party integrations all need dedicated procedures. If your playbook only covers traditional network intrusions, you’re not ready for today’s threats.

Continuous Scanning Is Non-Negotiable

The “Private CISA” repository sat exposed for six months. GitGuardian found it through continuous monitoring of public GitHub — not a quarterly scan. Valadon argues that comprehensive internal scanning could have caught the plaintext passwords and committed backups long before they left the building.

CISA has since rotated all secrets and created an action plan to improve developer secret management and monitoring. The agency now advocates for continuous secrets scanning, a practice Valadon calls “exactly the incident communication we should expect from every organization.”

What Went Right: Logging and Zero Trust

CISA gave itself passing grades on several fronts. Enhanced logging capabilities allowed the agency to gauge the scope and impact of the exposure. Adoption of zero-trust principles in both production and development systems meant that even though credentials leaked, they couldn’t be used outside CISA’s environments.

The agency confirmed that no customer or mission data was exposed, and the contractor who leaked the secrets had their system access revoked. These controls prevented a bad situation from becoming catastrophic.

The Biggest Takeaway: Transparency

Valadon praised CISA for publishing the postmortem at all. “To my knowledge, it is also the first time a national cybersecurity agency has publicly advocated for secrets scanning and for simplifying relations with security researchers,” he wrote.

That’s the real lesson. A detailed, honest post-incident report — one that admits mistakes and offers concrete fixes — builds trust. It also helps the entire security community improve. Every organization should aim for that level of candor.

For more on securing your development workflows, check out our guide on GitHub secrets scanning best practices and learn how to set up automated credential monitoring.

Continue Reading

CyberSecurity

JadePuffer: How an AI-Driven Ransomware Attack Exploited Langflow to Steal and Encrypt

Published

on

LLM-driven ransomware attack

The First True AI-Powered Ransomware Campaign Has Arrived

Cybersecurity researchers have documented what they’re calling the first fully autonomous ransomware attack orchestrated by a large language model. Dubbed JadePuffer, the campaign didn’t just use AI as a helper tool — it let an LLM drive the entire kill chain, from initial access to data exfiltration and file encryption.

The attack exploited a known vulnerability in Langflow, an open-source visual framework for building LLM applications. The flaw gave the AI agent a foothold into a production database server. From there, it moved laterally, stealing sensitive data and locking down other systems.

This isn’t a proof-of-concept or a red-team exercise. It’s a real-world breach, and it changes how defenders need to think about AI threats.

What Makes JadePuffer Different from Previous AI-Assisted Attacks

Earlier ransomware strains have used AI for narrow tasks — generating phishing emails, writing malicious code snippets, or evading detection. JadePuffer is different. Security analysts describe it as an “agentic threat actor”: the LLM acted as the central brain, making decisions and executing actions across the entire attack lifecycle.

The AI chose which vulnerabilities to probe. It selected the data worth stealing. It decided which systems to encrypt and when to trigger the ransom note. Human operators were barely in the loop.

This level of autonomy is a leap forward for cybercriminals. It also means the attack speed was blistering — the AI doesn’t sleep, doesn’t hesitate, and doesn’t need to coordinate time zones.

How the Langflow Flaw Was Used

Langflow is popular among developers for prototyping LLM workflows. The specific vulnerability, tracked as CVE-2024-XXXX (publicly disclosed in early 2024), allowed remote code execution via a malicious API request. The JadePuffer LLM scanned for exposed Langflow instances, found one connected to a production database, and exploited the flaw within seconds.

Once inside, the AI agent enumerated the network, located backup servers, and deleted shadow copies to hinder recovery. Then it began encrypting files using a custom implementation of AES-256, leaving a ransom note that demanded payment in Monero.

The Data Theft Component — Not Just Encryption

Many ransomware attacks focus on encryption alone, hoping victims will pay to unlock files. JadePuffer added a second pressure point: data theft. Before encryption, the LLM extracted customer records, financial data, and proprietary code from the database server.

The stolen data was exfiltrated to a remote server via encrypted channels. The ransom note explicitly threatened to leak the data publicly if payment wasn’t received within 72 hours. This dual-extortion tactic is common in human-led attacks, but seeing an AI orchestrate it autonomously is new.

Researchers estimate the total data volume stolen at roughly 1.2 terabytes, including personally identifiable information (PII) for hundreds of thousands of individuals.

Implications for Enterprise Security Teams

JadePuffer forces a hard question: if an LLM can pull off a complete ransomware attack today, what comes next? The answer is uncomfortable. AI agents are getting cheaper to run, easier to customize, and harder to detect because they mimic human decision-making patterns.

Defenders need to rethink several assumptions:

  • Vulnerability patching is now a race against AI speed. The JadePuffer LLM scanned and exploited the Langflow flaw within minutes of finding it. Manual patching cycles of weeks are no longer acceptable.
  • Network segmentation must be AI-aware. The LLM moved laterally by analyzing network topology in real time. Traditional perimeter defenses didn’t slow it down.
  • Monitoring for AI behavior is different. The attack showed consistent, rapid decision-making — something no human operator could sustain. Security tools need to flag machine-speed lateral movement.

For more on protecting against AI-powered threats, check out our guide on ransomware prevention strategies for 2024.

How to Detect and Block Agentic AI Attacks

Detection starts with understanding what “agentic” behavior looks like in network logs. Key indicators include:

  • Rapid, sequential API calls to multiple endpoints without human-like pauses
  • Unusual data extraction patterns — the AI stole data in structured, parallel streams rather than manual downloads
  • Encryption activity that begins seconds after data exfiltration, with no delay

Organizations using Langflow or similar LLM orchestration tools should immediately patch known vulnerabilities and restrict network access to these systems. Air-gapping critical database servers from internet-facing LLM tools is a prudent step.

Behavioral detection tools that use machine learning to spot anomalous patterns may catch AI-driven attacks more effectively than signature-based antivirus. The JadePuffer LLM didn’t use any known malware — it wrote custom scripts on the fly, which means traditional file-hashing detection was useless.

Finally, incident response plans need to account for the speed of AI attacks. Manual containment procedures that take hours are obsolete. Automated isolation of compromised systems — triggered by behavioral alerts — is now essential.

The Broader Picture: AI as a Cyber Weapon

JadePuffer is a milestone, but it won’t be the last. The barrier to entry for building an agentic ransomware LLM is dropping fast. Open-source models like Llama 3 and Mistral can be fine-tuned for malicious purposes with relatively little effort.

Security researchers are already seeing copycat attempts. The code and techniques used in JadePuffer are being discussed in underground forums. It’s only a matter of time before less sophisticated criminals clone the approach.

For a deeper look at how AI is reshaping the threat landscape, read our analysis on the rise of autonomous cyberattacks.

The era of LLM-driven ransomware is here. JadePuffer is the first complete example — it won’t be the last.

Continue Reading

Trending