Cyber security firm Guardz has announced that it has discovered new malware designed to “steal sensitive data” in the background on macOS. Dubbed “ShadowVault,” the malware, according to a forum posting discovered by Guardz, can grab usernames and passwords, stored credit card info, data from crypto wallets, and more.
Guardz learned about ShadowVault through the XSS forum on the dark web, where it was being offered to anyone who was willing to pay $500 per month to rent the malware. The development of ShadowVault is part of a growing trend of malware as a service (sometimes referred to as MaaS) against macOS. Back in April, Cyble Research and Intelligence Labs discovered AMOS, while in March, Uptycs discovered MacStealer, both of which were available to bad actors for a fee.
The CVE.report database that tracks vulnerabilities and exposures does not appear to have an entry for ShadowVault, and Apple has not commented on the malware. Coincidentally, Apple released an emergency Rapid Security Response update for macOS 13.4.1 (as well as iOS 16.5.1 and iPadOS 16.5.1) on Monday, but the update was pulled back after numerous reports of it causing web-based apps to fail. However, the update’s security notes seem to indicate that the zero-day flaw is unrelated to ShadowVault.
How to protect yourself from malware
Apple has protections in place within macOS, and the company releases security patches through OS updates, so it’s important to install them when they are available. If Apple pulls back an update, as was the case with macOS 13.4.1(a), the company will reissue it as soon as it is properly revised with corrections.
When downloading software, get it from trusted sources, such as the App Store (which performs security checks on its software) or directly from the developer. Macworld has several guides to help, including a guide on whether or not you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.