Cybersecurity firm Guardz has announced the discovery of new malware designed to “steal sensitive data” in the background on macOS. Dubbed “ShadowVault,” the malware, according to a forum post discovered by Guardz, can capture usernames and passwords, stored credit card information, data from cryptocurrency wallets, and more.
Guardz found out about ShadowVault through the XSS forum on the dark web, where it was offered to anyone willing to pay $500 a month to rent the malware. The development of ShadowVault is part of a growing trend of malware-as-a-service (sometimes called MaaS) offerings targeting macOS. Back in April, Cyble Research and Intelligence Labs discovered AMOS, and in March, Uptycs discovered MacStealer, both of which were available to attackers for a fee.
The CVE.report database, which tracks vulnerabilities and impacts, does not appear to have an entry for ShadowVault, and Apple did not comment on the malware. Coincidentally, Apple released an emergency Rapid Security Response update for macOS 13.4.1 (as well as iOS 16.5.1 and iPadOS 16.5.1) on Monday, but the update was pulled after numerous reports that it crashed web apps. However, the update’s security notes seem to indicate that the vulnerability it addresses is not related to ShadowVault.
How to protect yourself from malware
Apple has protections in macOS and the company releases security patches through OS updates, so it’s important to install them when they’re available. If Apple pulls an update, as was the case with macOS 13.4.1(a), the company will re-release it once it has been properly fixed.
When downloading software, get it from trusted sources such as the App Store (which conducts security checks on its software) or directly from the developer. Macworld has several guides, including a guide on whether you need antivirus software, a list of Mac viruses, malware, and trojans, and a comparison of Mac security software.