Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
AppleInsider

AppleInsider Vendor Cyber Rating & Cyber Score

appleinsider.com

AppleInsider launched in 1997 and quickly grew to become one of the Internet's premier sources of information for all things Apple. Each month, AppleInsider caters to several million unique visitors including consumers, engineers, bankers, and CEOs of Fortune 500 companies.


AppleInsider A.I CyberSecurity Scoring

AppleInsider
Company Information
Website:http://appleinsider.com
Employees number:16
Number of followers:3,354
NAICS:519131
Industry Type:Online Audio and Video Media
Homepage:appleinsider.com
AppleInsider Risk Score (AI oriented)
Between 700 and 749
logo
AppleInsiderOnline Audio and Video Media
Updated:
13/07/2026
702/1000
Moderate
Ba
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
AppleInsider Global Score (TPRM)
xxxx
logo
AppleInsiderOnline Audio and Video Media
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

AppleInsider
AppleInsiderModerate
Current Score
702Ba (MODERATE)
01000
4 incidents
-20 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
721Before Incident
Cyber Attack
03 Jul 2026AppleInsider
Apple: PamStealer macOS Infostealer Uses PAM API to Verify Stolen Passwords

PamStealer: A Novel macOS Info-Stealer Targeting Apple Silicon Users

701After Incident
CRITICAL-20
APP1783088630
PamStealer: A Novel macOS Info-Stealer Targeting Apple Silicon Users Researchers at Jamf Threat Labs have uncovered PamStealer, a newly identified macOS information stealer that employs a unique credential-verification technique to ensure attackers receive only validated login passwords. The malware spreads via a fake website impersonating Maccy, a legitimate open-source clipboard manager, and specifically targets Apple Silicon Mac users. ### Infection Chain & Technical Sophistication The attack begins at maccyapp[.]com, a spoofed domain mimicking the official Maccy site (maccy[.]app). Victims who download the malicious disk image receive a compiled AppleScript file disguised as the clipboard tool. The first stage performs environment-aware fingerprinting, collecting system details such as CPU architecture, locale, and timezone. Only Apple Silicon devices that meet predefined criteria proceed to the second stage, reducing exposure to security analysis. Stage two delivers a Rust-based infostealer, chosen for its ability to evade static analysis tools optimized for Objective-C and Swift binaries. The payload harvests browser passwords, cookies, autofill data, cryptocurrency wallet files, and system configuration details before exfiltrating them to attacker-controlled infrastructure. ### PAM API Verification: A First for macOS Stealers PamStealer’s defining feature is its use of macOS’s Pluggable Authentication Modules (PAM) API to validate stolen credentials. When prompting victims for their login password via a native-looking dialog ("Maccy wants to make changes"), the malware internally verifies the input using pam_authenticate. Only passwords that pass this check are transmitted, ensuring attackers receive confirmed working credentials unlike traditional phishing methods that capture typos or incorrect entries. ### Targeted Users & Mitigation The campaign exploits users seeking privacy tools, particularly iCloud+ subscribers who may download software from third-party sources. The legitimate Maccy developer has issued warnings on its official site and GitHub, confirming maccy[.]app as the sole trusted download source. Users who entered their password into the fake dialog are advised to rotate credentials, revoke browser sessions, and audit cryptocurrency wallets. Jamf Threat Labs has released indicators of compromise, noting that detection at the AppleScript dropper stage is critical, as the Rust payload executes only on qualifying hosts. Security teams should monitor for compiled .scpt files in disk images from non-App Store sources and outbound connections from newly executed Rust binaries.
INCIDENT DETAILS -
TYPE
Information Stealer
MOTIVATION
Data Theft, Credential Harvesting
IMPACT
Data Compromised: Browser passwords, cookies, autofill data, cryptocurrency wallet files, system configuration detailsSystems Affected: macOS (Apple Silicon devices)Brand Reputation Impact: Potential reputational damage to Maccy (legitimate tool impersonated)Identity Theft Risk: High (PII and credentials compromised)
DATA BREACH
Browser passwordsCookiesAutofill dataCryptocurrency wallet filesSystem configuration detailsSensitivity Of Data: High (PII, credentials, financial data)Data Exfiltration: Yes (to attacker-controlled infrastructure)Personally Identifiable Information: Yes (login passwords, browser data)
JUNE 2026
721Before Incident
MAY 2026
739Before Incident
Cyber Attack
01 May 2026AppleInsider
1Password and Apple: New macOS Stealer Mimics Apple’s Crash Report Framework to Steal Browser Credentials

CrashStealer: Sophisticated macOS Infostealer Mimics Apple Utilities to Steal Credentials and Crypto Wallets

719After Incident
CRITICAL-20
APP1PA1783967437
CrashStealer: Sophisticated macOS Infostealer Mimics Apple Utilities to Steal Credentials and Crypto Wallets In early May 2026, cybersecurity firm Jamf identified a suspicious macOS infostealer on VirusTotal, initially appearing as a work-in-progress. By July, the malware dubbed CrashStealer had evolved into an actively deployed threat, designed to harvest browser credentials, cryptocurrency wallets, password manager data, and Keychain contents before encrypting and exfiltrating the stolen information to a remote command-and-control (C2) server. Unlike typical macOS stealers built on AppleScript or Objective-C, CrashStealer is written in native C++, leveraging an internal class called MacOSData for efficiency and stealth. Its development marks a shift toward more professionalized macOS malware, aligning with trends observed in threats like Atomic (AMOS), MacSync, and Phexia though with distinct technical advancements. ### Infection Chain and Evasion Tactics CrashStealer spreads via a signed disk image ("Werkbit Setup"), a rarity in malicious DMG campaigns, which includes a notarized application bundle to bypass Gatekeeper. Upon execution, the dropper fetches an obfuscated shell script from GitHub, decodes multiple Base64 layers, and deploys the payload disguised as "CrashReporter.app" complete with Apple’s bundle identifier and icon. Once active, the malware: - Validates the victim’s login password via `dscl` - Unlocks the Keychain and profiles installed security tools - Targets Chromium-based browsers (Chrome, Brave, Edge, etc.) and Firefox for stored credentials - Steals data from ~80 cryptocurrency wallet extensions (Ethereum, Solana, Cosmos, TON, etc.) - Exfiltrates data from 14 password managers, including 1Password, Bitwarden, and LastPass - Conducts file-system reconnaissance in Documents and Downloads ### Advanced Tradecraft CrashStealer employs AES-256-GCM encryption via Apple’s CommonCrypto framework to secure stolen data before exfiltration over `libcurl`, a level of operational security uncommon in commodity macOS malware. Additional anti-analysis measures include control-flow flattening and anti-debugging checks, reflecting a broader trend of macOS threats adopting Windows-level sophistication. For persistence, the malware re-signs itself and installs a LaunchAgent (`com.apple.crashreporter.helper`), further impersonating Apple’s legitimate utilities. ### Broader Campaign Indicators Jamf linked CrashStealer to a live operator panel and additional infrastructure domains, suggesting it is part of a multi-platform operation rather than an isolated tool. This discovery underscores the rapid maturation of macOS infostealers, with detection volumes and technical complexity rising sharply since 2025.
INCIDENT DETAILS -
TYPE
Infostealer
MOTIVATION
Financial gain (credential and cryptocurrency theft)
IMPACT
Data Compromised: Browser credentials, cryptocurrency wallets, password manager data, Keychain contents, personally identifiable informationSystems Affected: macOS systemsIdentity Theft Risk: HighPayment Information Risk: High (cryptocurrency wallets)
DATA BREACH
Browser credentialsCryptocurrency walletsPassword manager dataKeychain contentsPersonally identifiable informationSensitivity Of Data: HighData Exfiltration: Yes (to remote C2 server)Data Encryption: AES-256-GCM (for exfiltrated data)Personally Identifiable Information: Yes
APRIL 2026
738Before Incident
MARCH 2026
738Before Incident
FEBRUARY 2026
738Before Incident
JANUARY 2026
751Before Incident
DECEMBER 2025
737Before Incident
NOVEMBER 2025
751Before Incident
OCTOBER 2025
736Before Incident
SEPTEMBER 2025
751Before Incident
AUGUST 2025
751Before Incident
JANUARY 2025
750Before Incident
Cyber Attack
01 Jan 2025AppleInsider
Google and Apple: SparkCat malware returns to target Android and iOS users, hiding in innocent apps to try and steal your details

SparkCat Infostealer Resurfaces in App Store and Play Store with Advanced Obfuscation

730After Incident
CRITICAL-20
GOOAPP1775500447
SparkCat Infostealer Resurfaces in App Store and Play Store with Advanced Obfuscation Cybersecurity researchers at Kaspersky have identified a resurgence of SparkCat, a mobile-focused infostealer targeting cryptocurrency seed phrases, hidden within apps on both the Apple App Store and Google Play Store. Despite rigorous vetting processes by Apple and Google, threat actors successfully distributed the malware through seemingly legitimate apps, including enterprise messengers and food delivery services. First detected in 2025, SparkCat initially targeted Asian users by scanning for Japanese, Korean, and Chinese keywords in seed phrases 12- or 24-word recovery phrases used to restore cryptocurrency wallets. The malware employed Optical Character Recognition (OCR) to extract seed phrases from photos and screenshots, a tactic that previously drew attention for its sophistication. The latest version introduces new obfuscation techniques, including code virtualization and cross-platform languages, making detection significantly harder. While the Android variant continues to focus on Asian languages, the iOS version now targets English mnemonics, expanding its reach to Western users. Kaspersky reported the findings to Apple and Google, leading to the removal of some malicious apps. However, the incident highlights ongoing challenges in securing official app marketplaces against evolving malware threats.
INCIDENT DETAILS -
TYPE
Infostealer Malware
MOTIVATION
Financial gain (theft of cryptocurrency seed phrases)
IMPACT
Data Compromised: Cryptocurrency seed phrases (12- or 24-word recovery phrases)Mobile devices (iOS and Android)Brand Reputation Impact: Potential reputational damage to Apple and Google due to distribution via official app storesIdentity Theft Risk: High (risk of cryptocurrency wallet compromise and financial theft)
DATA BREACH
Type Of Data Compromised: Cryptocurrency seed phrasesSensitivity Of Data: High (direct access to cryptocurrency wallets)Data Exfiltration: Yes (via OCR extraction from photos/screenshots)Images (photos/screenshots containing seed phrases)Personally Identifiable Information: Cryptocurrency wallet recovery phrases (indirectly linked to financial assets)
JUNE 2023
752Before Incident
Vulnerability
16 Jun 2023AppleInsider
Apple: Apple Security Risk: Full List of iPhones and iPads Affected

Apple Patches Critical WebKit Vulnerabilities in iOS and iPadOS Updates

748After Incident
CRITICAL-4
APP1768941532
Apple Patches Critical WebKit Vulnerabilities in iOS and iPadOS Updates Apple has released security updates addressing two critical WebKit vulnerabilities that left millions of iPhones and iPads exposed to potential attacks. The flaws, identified in the engine powering Safari and all iOS browsers, could allow malicious websites to execute harmful code, granting attackers control over devices and access to sensitive data, including passwords and payment details. The vulnerabilities were reportedly exploited in a sophisticated attack targeting specific individuals, as confirmed by Apple in late 2023. While the company released fixes in iOS 26.2 and iPadOS 26.2, adoption remains low only about 20% of users have installed the update, leaving the majority of devices at risk. WebKit flaws stem from memory-related errors, enabling attackers to exploit them simply by luring users to a compromised webpage. Since WebKit underpins all iOS and iPadOS browsers, a single vulnerability can impact millions of devices. Affected Devices: - iPhone 11 and later - iPad Pro 12.9-inch (3rd generation) and later - iPad Pro 11-inch (1st generation) and later - iPad Air (3rd generation) and later - iPad (8th generation) and later - iPad mini (5th generation) and later Apple continues to urge users to update to the latest software versions to mitigate risks, as future security releases will build on these fixes. Devices running outdated software remain vulnerable to exploitation.
INCIDENT DETAILS -
TYPE
Vulnerability Exploitation
IMPACT
Data Compromised: Passwords, payment details, sensitive dataSystems Affected: iOS and iPadOS devicesIdentity Theft Risk: HighPayment Information Risk: High
DATA BREACH
Type Of Data Compromised: Sensitive data, passwords, payment detailsSensitivity Of Data: HighPersonally Identifiable Information: Yes

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for AppleInsider ?
?
What was AppleInsider's A.I Rankiteo Cyber Score in June 2026 ?
?
What was AppleInsider's A.I Rankiteo Cyber Score in May 2026 ?
?
What was AppleInsider's A.I Rankiteo Cyber Score in April 2026 ?
?
What was AppleInsider's A.I Rankiteo Cyber Score in March 2026 ?
?
What was AppleInsider's A.I Rankiteo Cyber Score in February 2026 ?
?
What was AppleInsider's A.I Rankiteo Cyber Score in January 2026 ?
?
What was AppleInsider's A.I Rankiteo Cyber Score in December 2025 ?
?
What was AppleInsider's A.I Rankiteo Cyber Score in November 2025 ?
?
What was AppleInsider's A.I Rankiteo Cyber Score in October 2025 ?
?
What was AppleInsider's A.I Rankiteo Cyber Score in September 2025 ?
?
What was AppleInsider's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on AppleInsider's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with AppleInsider ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view AppleInsider's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?
AppleInsider Cyber Scoring History | Rankiteo