If you thought your Mac was invincible, it’s time to reconsider. A sneaky piece of malware is on the prowl, ready to snatch your personal information and dash away with your credit card details. What’s fueling this digital banditry? A growing trend of crimeware-as-a-service (sometimes referred to as malware-as-a-service, or MaaS) aimed at macOS. You heard that right; even cybercrime is now available as a service.
ShadowVault: the deceptive malware stealing your data
Now, this isn’t your average, run-of-the-mill villain. It’s a wolf in sheep’s clothing, acting all friendly while secretly plotting to steal your precious data. The malware goes by the name of ShadowVault, and it isn’t just your garden-variety cyber-thief. It’s more like a spy, mingling within your system unnoticed while secretly planning its heist. It insidiously goes about its business on compromised Mac devices, siphoning off valuable info such as usernames and passwords, stored credit card info, data from crypto wallets, and more. The worst part? Criminals can subscribe for 500 dollars a month to access and use this malware.
Who discovered the ShadowVault malware?
Cybersecurity firm Guardz discovered the ShadowVault malware through the XSS forum on the dark web, where it was being offered for rent to anyone willing to pay $500 per month.
Apple’s response to this malware menace
We reached out to Apple to try to get a comment about the whole ShadowVault malware situation, but they didn’t get back to us before our deadline. The funny thing is Apple released an emergency update for macOS 13.4.1 (as well as iOS 16.5.1 and iPadOS 16.5.1) on Monday. However, they had to pull it back because it was reportedly causing problems with web-based apps. The update’s security notes don’t seem to mention anything about ShadowVault, though, so it is unlikely to be related.
How to protect yourself from malware
Don’t panic yet. There are ways to fight and secure your cyber domain. So, how do you keep these digital desperadoes at bay? Let’s break it down.
- Keep your software up-to-date – Apple has protections built into macOS, and they release security patches through updates. So, it’s a good idea to install them when they come out. To update, go to System Settings from the Apple menu, then click General. Next, click Software Update to check for updates. If any updates are available, click the Update Now button to install them.
- Antivirus software is your best friend – Having a reliable antivirus is like owning a guard dog for your digital home. While Macs are pretty tough cookies, an extra layer of protection wouldn’t hurt. My #1 pick is TotalAV, and there is a limited-time deal for CyberGuy readers: $19 for your first year (80% off) for the TotalAV Antivirus Pro package.
- Don’t forget to back up your data – Regularly backing up your crucial data is akin to having a digital insurance policy. Be it cloud storage or an external drive, keeping a backup copy to fall back on if things go south is crucial.
- Beware of phishing scams – Stay sharp, and don’t take the bait when it comes to phishing scams. The general rule of thumb is if it looks fishy, it probably is.
- Download software only from trusted sources – When downloading software, think of it like online shopping. You’d only buy from trusted stores, right? Similarly, always stick to the Mac App Store or verified developers’ websites.
- Switch off automatic file opening – It may seem convenient, but it’s akin to leaving your front door open. Be sure to update all your browsers to the most recent version.
  - Safari: Head to Safari > Settings > General and uncheck ‘Open “safe” files after downloading’ at the very bottom of the page.
  - Chrome: Head to Chrome. See those three dots (…). Click on them, then click “Settings” and click “Downloads”. Then toggle on “Ask where to save each file before downloading”.
  - Microsoft Edge: Head to Microsoft Edge. Go all the way to the right in your Edge browser and see those three dots (…). Click on them. Scroll down to “Settings” and click on it. Scroll down to “Downloads” and click on it. Toggle on “Ask me what to do with each download”.
What to do if your device is infected
What if you’re already a victim of this cyber villain? Here’s your action plan:
Step 1: Detect and Delete Malware – If you suspect your system has been compromised, run a full scan with your antivirus software. It should detect the malware, and most antivirus software will offer you an option to remove it.
Step 2: Change All Passwords – For your most sensitive accounts – banking, email, and social media – it’s time to mix things up. Every account needs a strong, unique password. Sounds daunting, doesn’t it? This is where a password manager comes to the rescue.
Think of a password manager as a secure digital notebook. It remembers all your complex passwords for you; all you need to know is one master password to access them. It can also generate hard-to-crack passwords, ensuring each of your accounts is well-protected.
One of the best password managers out there is 1Password. With no known security breaches or vulnerabilities, 1Password is a solid option as a paid password manager. It utilizes a well-designed interface, which features core components that are expected from premium, paid password managers. At the time of publishing, it starts at $2.99 a month, billed annually, for a total of $35.88/year, and you can save more with a family option which includes 5 family members for $60/year.
Step 3: Inform Your Bank – If your financial information was compromised, reach out to your bank immediately. They can help monitor your accounts for suspicious activity and guide you through the next steps, which might include freezing your accounts or issuing new cards.
Step 4: Monitor Your Accounts – Keep a close eye on all your accounts for any unusual activities. If you notice anything suspicious, report it immediately. Be sure to sign up for text alerts with your banking provider for an extra layer of security.
Kurt’s key takeaways
You’re not powerless in the face of this cyber-bandit, not by a long shot. With vigilant software updates, a sturdy antivirus, constant data backups, smart web browsing habits, and the magic of password managers, you can keep your digital fortress secure. But remember, this isn’t a one-and-done deal. Cybersecurity is a constant endeavor, with new villains popping up just as the old ones are taken down.
Are there any cybersecurity habits or tools you swear by to keep your Mac safe? Have you had a brush with ShadowVault or any other sneaky malware? What steps did you take to overcome it? Share your experience in the comments below.
17 comments
Great post! I had TotalAV on my computer but wasn’t doing automatic updates. I now have that set up. I also had TotalAV on my cellphone but it wasn’t set up correctly. Thanks!