Mac users beware of new malware targeting your confidential information

If you thought your Mac was invincible, it’s time to reconsider. A sneaky malware is on the prowl, ready to snatch your personal information and dash away with your credit card details. What’s fueling this digital banditry? A growing trend called crimeware-as-a-service (sometimes referred to as MaaS) against macOS. You heard that right; even cybercrime is now available as a service.

ShadowVault: the deceptive malware stealing your data

Now, this isn’t your average, run-of-the-mill villain. It’s a wolf in sheep’s clothing, acting all friendly while secretly plotting to steal your precious data. The malware goes by the name of ShadowVault, and it isn’t just your garden-variety cyber-thief. It’s more like a spy, mingling within your system unnoticed while secretly planning its heist. It insidiously goes about its business on compromised Mac devices, siphoning off valuable info such as usernames and passwords, stored credit card info, data from crypto wallets, and more. The worse part? Criminals can subscribe for 500 dollars a month to access and use this malware.

Who discovered the ShadowVault malware?

Cyber security firm Guardz discovered the ShadowVault malware through the XSS forum on the dark web, where it was being offered to anyone who was willing to pay the $500 bucks per month to rent the malware.

Apple’s response to this malware menace

We reached out to Apple to try to get a comment about the whole ShadowVault malware situation, but they didn’t get back to us before our deadline. The funny thing is Apple released an emergency update for macOS 13.4.1 (as well as iOS 16.5.1 and iPad OS 16.5.1) on Monday. However, they had to pull it back because it was reportedly causing problems with web-based apps. The update’s security notes don’t seem to mention anything about ShadowVault, though, so it is unlikely related.

MORE: 7 SIGNS YOU HAVE BEEN HACKED

How to protect yourself from malware

Don’t panic yet. There are ways to fight and secure your cyber domain. So, how do you keep these digital desperadoes at bay? Let’s break it down.

  • Keep your software up-to-date – Apple has protections built into macOS, and they release security patches through updates. So, it’s a good idea to install them when they come out. To update, go to System settings from the Apple menu, then click General. Next, click Software Update to check for updates. If any updates are available, click the Update Now button to install them.
  • Don’t forget to back up your data – Regularly backing up your crucial data is akin to having a digital insurance policy. Be it cloud storage or an external drive, keeping a backup copy to fall back on if things go south is crucial.
  • Beware of phishing scams – Stay sharp, and don’t take the bait when it comes to phishing scams. The general rule of thumb is if it looks fishy, it probably is.
  • Download software only from trusted sources – When downloading software, think of it like online shopping. You’d only buy from trusted stores, right? Similarly, always stick to the Mac App Store or verified developers’ websites.
  • Switch off automatic file opening – It may seem convenient, but it’s akin to leaving your front door open. Be sure to update all your browsers to the most recent version.
    • Safari: Head to Safari  > Settings > General and uncheck ‘Open “safe” files after downloading’ at the very bottom of the page
    • Chrome: Head to Chrome. See those three dots (…). Click on them. > Click on “Settings > Click downloads. Then toggle On “Ask where to save each file before downloading”
    • Microsoft Edge: Head to Microsoft Edge. Go all the way to the right in your Edge browser and see those three dots (…). Click on them. Scroll down to “settings” and click on it. Scroll down to “downloads” and click on it. Toggle On “Ask me what to do with each download”

 

What to do if your device is infected

What if you’re already a victim of this cyber villain? Here’s your action plan:

Step 1: Detect and Delete Malware – If you suspect your system has been compromised, run a full scan with your antivirus software. It should detect the malware, and most antivirus software will offer you an option to remove it.

How to remove malware on a Mac

 

Step 2: Change All Passwords – For your most sensitive accounts – banking, email, and social media – it’s time to mix things up. Every account needs a strong, unique password. Sounds daunting, doesn’t it? This is where a password manager comes to the rescue.

Think of a password manager as a secure digital notebook. It remembers all your complex passwords for you; all you need to know is one master password to access them. It can also generate hard-to-crack passwords, ensuring each of your accounts is well-protected.

 

Step 3: Inform Your Bank – If your financial information was compromised, reach out to your bank immediately. They can help monitor your accounts for suspicious activity and guide you through the next steps, which might include freezing your accounts or issuing new cards.

 

Step 4: Monitor Your Accounts – Keep a close eye on all your accounts for any unusual activities. If you notice anything suspicious, report it immediately. Be sure to sign up for text alerts with your banking provider for an extra layer of security.

MORE: HOW TO FIND ANYTHING ON AN APPLE IPHONE, IPAD AND MAC

 

Kurt’s key takeaways

You’re not powerless in the face of this cyber-bandit, not by a long shot. With vigilant software updates, a sturdy antivirus, constant data backups, smart web browsing habits, and the magic of password managers, you can keep your digital fortress secure. But remember, this isn’t a one-and-done deal. Cybersecurity is a constant endeavor, with new villains popping up just as the old ones are taken down.

Are there any cybersecurity habits or tools you swear by to keep your Mac safe? Have you had a brush with ShadowVault or any other sneaky malware? What steps did you take to overcome it? Share your experience in the comments below.

FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE

 

More:

 

Related posts

Is your Social Security number at risk? Signs someone might be stealing it

Updated Android malware can hijack calls you make to your bank

Top 10 robocall hotspots in America

17 comments

Teresa Wolf July 24, 2023 - 4:29 am
Great post! I had TotalAV on my computer but wasn't doing automatic updates. I now have that set up. I also had TotalAV on my cellphone but it wasn't set up correctly. Thanks!
Add Comment