9to5Mac58%
PSA: Beware of fake Mac crash reports out to steal your passwords, crypto wallets, more 48%
By Ben Lovejoy75%
7/15/2026, 11:43:11 AM
BS Summary: This article contains 26 faulty reasoning types, including Indoctrination, Ambiguity (Equivocation), and Biased Writer Voice, with Unattributed Quote as the most egregious example at 35.1% saturation with 100 hits. Analysis detected 820 faulty-reasoning hits from 285 analyzed words, generating a BS Score of 49.4% and a BS Rank of 48% (8,379 of 15,985 articles). This article is better (less manipulative) than 52.40% of the article peer group.
While macOS is generally very stable, there are times when an app will crash and your Mac will offer to send a diagnostic report to Apple.
A new form of Mac malware has been discovered, which creates fake versions of this form, requesting your Mac password as part of the data collection.
If you comply, it will get access to a huge range of personal data, including your password managers and cryptocurrency wallets …
Jamf says it first began tracking the malware in May, and has now seen it in the wild.
Initial access is through a disk image named "Werkbit Setup," which mounts at /Volumes/Werkbit Setup and contains a single application bundle, Werkbit.app.
Its executable is named veltod and carries the bundle identifier dev.golove.velto.
Unlike the payload it eventually installs, the dropper is properly code signed and notarized: it is a universal (arm64 and x86_64) binary signed with the Developer ID Emil Grigorov (WWB7JA7AQV), has hardened runtime enabled, and carries a stapled notarization ticket.
Notably, the disk image itself is signed as well, not just the application inside it, which is uncommon in malicious DMG delivery where the container is typically left unsigned.
Macworld says that Apple has revoked the credentials, so it should now be detected by Gatekeeper.
However, caution is still advised.
In addition to looking out for that disk image, you should also closely examine app crash reports and any password prompt saying that System Preferences wants to make changes.
As always, your best protection is to ensure that you only ever download apps from the Mac App Store and the websites of developers you trust.
Analysis
Hover over highlighted words in the article to view the associated bias or fallacy analysis.