How to protect yourself from ShadowVault – a data-stealing virus for macOS
Malicious code impersonates popular programs and has a fake digital signature.
Cybersecurity company Guardz announced that it has discovered new malicious code designed to “steal confidential data” in the background on macOS. The malicious code has been dubbed “ShadowVault” and, according to a forum post found by Guardz, can intercept usernames and passwords, saved credit card details, data from cryptocurrency wallets, and more.
Guardz learned about ShadowVault through an XSS forum on the dark web, where the malicious code was offered for rent to anyone for $500 a month. The development of ShadowVault is part of a growing trend of malicious code as a service (sometimes referred to as MaaS) targeting macOS. Back in April, Cyble Research and Intelligence Labs discovered AMOS, and in March Uptycs discovered Mac Stealer, both of which were available to attackers for a fee.
The CVE.report database, which tracks vulnerabilities and leaks, does not contain an entry for ShadowVault, and Apple did not comment on the malicious code. Coincidentally or not, Apple released an emergency Rapid Security Response update for macOS 13.4.1 (as well as iOS 16.5.1 and iPadOS 16.5.1) on Monday, but the update was withdrawn after multiple reports of it crashing web apps. However, the update’s security notes seem to indicate that the vulnerability is not related to ShadowVault.
How to protect yourself from malware
Apple has security mechanisms in macOS and releases security patches through OS updates, so it’s important to install them when they’re available. If Apple withdraws an update, as was the case with macOS 13.4.1(a), the company will release it again as soon as it is properly patched.
When downloading software, you should obtain it from trusted sources such as the App Store (which reviews the security of its software) or directly from the developer.