Earlier this year, we saw a new malware designed for Macs called MacStealer that can compromise passwords, credit card numbers, crypto wallets, and more. After a second version of that popped up in April, a third advanced Mac malware called ShadowVault macOS Stealer has surfaced. Here’s what it can do and how to protect your Mac.
Like the Atomic macOS Stealer that surfaced in April, the new ShadowVault macOS Stealer is being sold by its creators as “malware as a service” for a monthly price.
Discovered by the Cyber Intelligence Research team at Guardz, ShadowVault was “specifically built to steal sensitive data from macOS systems.” And it’s going for $500/month on the dark web, half the price of the Atomic macOS Stealer malware.
Guardz says that ShadowVault isn’t just another malware, it’s “a sophisticated piece of software built with one purpose – to steal” and that the malware can “have a catastrophic impact on business functionalities and user privacy.”
What can ShadowVault macOS Stealer compromise?
Working silently in the background of your Mac, ShadowVault can:
- Extract passwords, cookies, credit cards, wallets, and all Chromium-based extensions (Opera, Chrome, Edge, Vivaldi, Brave, Torch, Yandex, and over 50 plug-in browsers).
- Extract passwords, cookies, credit cards, wallets, and all Firefox extensions.
- Extract files (you can add/remove any extension).
- Keychain database extraction (decrypted and ready for import).
- Support and decryption of crypto wallets from all browsers (Metamask, Coinomi, Binance, Coinbase, Atomic, Exodus, Keplr, Phantom, Trust, Tron Link, Martian).
- Telegram Grabbing.
- Possibility to set up otstuk logs in several places at the same time.
The dark web ad also notes that the malware build can come with “the signature of the Apple developer” for an “additional fee.”
Like the Atomic macOS Stealer, it appears Safari can’t be compromised by ShadowVault. Nonetheless, this malware is still a serious threat, with the capability to compromise most other browsers and even Apple’s Keychain, which will hold lots of sensitive information for many Mac users.
Guardz closes by saying that “with the advent of threats like ‘ShadowVault,’ even the most secure systems can prove vulnerable.”
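As an added detection example (not code from Guardz or from this article): the data stores in the feature list above are normally opened only by the app that owns them, so a file-open event from any other executable is worth an alert, and because the ad offers Apple-signed builds the rule does not treat a signature as trust. The event schema, sample paths and allowlists are assumptions constructed for illustration.

```python
import json

# Stores named in the feature list, keyed by a path fragment, with the executable
# prefixes expected to open them. Allowlists are assumptions; tune them per fleet.
STORES = {
    "/Google/Chrome/": ("/Applications/Google Chrome.app/",),
    "/Firefox/Profiles/": ("/Applications/Firefox.app/",),
    "/Library/Keychains/": ("/System/", "/usr/bin/", "/usr/sbin/", "/usr/libexec/"),
}
# Files holding saved logins, cookies, cards and wallet-extension storage.
SENSITIVE = ("Login Data", "Cookies", "Web Data", "Local Extension Settings",
             "logins.json", "key4.db", "cookies.sqlite", "login.keychain-db")

def suspicious(event):
    """Return (exe, path) when a non-owner process opened a credential store."""
    exe, path = event["exe"], event["path"]
    if any(name in path for name in SENSITIVE):
        for fragment, owners in STORES.items():
            if fragment in path and not exe.startswith(owners):
                # event["signed"] is ignored on purpose: the ad sells signed builds.
                return (exe, path)
    return None

def scan(lines):
    """Parse JSON-lines file-open events and return alerts in input order."""
    alerts = []
    for line in lines:
        try:
            hit = suspicious(json.loads(line))
        except (ValueError, KeyError, TypeError):
            continue  # malformed record: skip it, keep scanning
        if hit:
            alerts.append(hit)
    return alerts

# Constructed sample events; the schema (exe, path, signed) is hypothetical.
LIB = "/Users/alice/Library"
CHROME = LIB + "/Application Support/Google/Chrome/Default/Login Data"
DROPPED = "/Users/alice/Downloads/Invoice.app/Contents/MacOS/Invoice"
ROWS = [
    ("/Applications/Google Chrome.app/Contents/MacOS/Google Chrome", CHROME, True),
    (DROPPED, CHROME, True),  # signed, but not the owning browser
    (DROPPED, LIB + "/Keychains/login.keychain-db", True),
    ("/usr/bin/security", LIB + "/Keychains/login.keychain-db", True),
    ("/private/tmp/helper", LIB + "/Application Support/Firefox/Profiles/x.default/logins.json", False),
]
SAMPLE = [json.dumps({"exe": e, "path": p, "signed": s}) for e, p, s in ROWS] + ["{cut"]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Legitimate tools such as backup agents and password managers also read these files, so in practice the allowlists grow with the fleet while the signed-but-not-owner case stays flagged.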
How to stay protected against ShadowVault and other malware
While you probably know these tips, it might be helpful to remind friends and family:
- It’s safest to download and install software from the official Mac App Store
- Use strong passwords and multi-factor authentication (non-SMS) wherever possible
- Enable biometric security like Touch ID on your Mac
- Be careful when opening links sent to you (hover over to see the actual URL before clicking)
- Be cautious while enabling any permissions on your Mac
- Keep your devices, macOS, and applications updated
How to check your Mac for malware
If you’re curious to do a checkup on your Mac to make sure there’s no malware or adware or remove it if there is, check out our full guide:
Image via Guardz