Mac users beware of new malware targeting your confidential information

If you thought your Mac was invincible, it’s time to reconsider. A sneaky malware is on the prowl, ready to snatch your personal information and dash away with your credit card details. What’s fueling this digital banditry? A growing trend called crimeware-as-a-service (sometimes referred to as MaaS) against macOS. 

You read that right; even cybercrime is now available as a service. 

CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK TIPS, TECH REVIEWS AND EASY HOW-TO’S TO MAKE YOU SMARTER 

ShadowVault: the deceptive malware stealing your data 

Now, this isn’t your average, run-of-the-mill villain. It’s a wolf in sheep’s clothing, acting all friendly while secretly plotting to steal your precious data. The malware goes by the name of ShadowVault, and it isn’t just your garden-variety cyber-thief. It’s more like a spy, mingling within your system unnoticed while secretly planning its heist. It insidiously goes about its business on compromised Mac devices, siphoning off valuable info such as usernames and passwords, stored credit card info, data from crypto wallets, and more. The worse part? Criminals can subscribe for $500 a month to access and use this malware. 

Who discovered the ShadowVault malware? 

Cyber security firm Guardz discovered the ShadowVault malware through the XSS forum on the dark web, where it was being offered to anyone who was willing to pay the $500 per month to rent the malware. 

Apple’s response to this malware menace 

Apple, as a matter of policy, does not usually comment on security issues, especially when a threat remains unpatched. We reached out to Apple to try to get a comment about the whole ShadowVault malware situation, but they didn’t get back to us before our deadline. Funny thing is, Apple released an emergency update for macOS 13.4.1 (as well as iOS 16.5.1 and iPad OS 16.5.1) on Monday. However, they had to pull it back, because it was reportedly causing problems with web-based apps. The update’s security notes don’t seem to mention anything about ShadowVault, though, so it is unlikely related. 

How to protect yourself from malware 

Don’t panic yet. There are ways to fight and secure your cyber domain. So, how do you keep these digital desperadoes at bay? Let’s break it down. 

HOW TO FIND YOUR LOST MACBOOK 

Keep your software up-to-date – Apple has protections built into macOS, and they release security patches through updates. So, it’s a good idea to install them when they come out. To update, go to System settings from the Apple menu, then click General. Next, click Software Update to check for updates. If any updates are available, click the Update Now button to install them. 

Antivirus software is your best friend – Having a reliable antivirus is like owning a guard dog for your digital home. While Macs are pretty tough cookies, an extra layer of protection wouldn’t hurt. See my expert review of the best antivirus protection for your Windows, Mac, Android and iOS devices by heading to Cyberguy.com/LockUpYourTech 

Don’t forget to back up your data – Regularly backing up your crucial data is akin to having a digital insurance policy. Be it cloud storage or an external drive, keeping a backup copy to fall back on if things go south is crucial.

Beware of phishing scams – Stay sharp, and don’t take the bait when it comes to phishing scams. The general rule of thumb is: If it looks fishy, it probably is. 

Download software only from trusted sources - When downloading software, think of it like online shopping. You’d only buy from trusted stores, right? Similarly, always stick to the Mac App Store or verified developers’ websites.

Switch off automatic file opening – It may seem convenient, but it’s akin to leaving your front door open.

Safari: Head to Safari > Settings > General and uncheck ‘Open “safe” files after downloading’ at the very bottom of the page 

Chrome: Head to Chrome. See those three dots (…)? Click on them. > Click on “Settings > Click downloads. Then toggle On “Ask where to save each file before downloading” 

Microsoft Edge: Head to Microsoft Edge. Go all the way to the right in your Edge browser, and see those three dots (…). Click on them. Scroll down to “Settings,” and click on it. Scroll down to “downloads,” and click on it. Toggle On “Ask me what to do with each download” 

 HOW TO BACKUP YOUR MAC COMPUTER 

What to do if your device is infected 

What if you’re already a victim of this cyber villain? Here’s your action plan: 

Step 1: Detect and Delete Malware – If you suspect your system has been compromised, run a full scan with your antivirus software. It should detect the malware, and most antivirus software will offer you an option to remove it. 

Step 2: Change All Passwords – For your most sensitive accounts – banking, email, and social media – it’s time to mix things up. Every account needs a strong, unique password. Sounds daunting, doesn’t it? This is where a password manager comes to the rescue. 

Think of a password manager as a secure digital notebook. It remembers all of your complex passwords for you; all you need to know is one master password to access them. It can also generate hard-to-crack passwords, ensuring that each of your accounts is well-protected. 

Moreover, many password managers can automate the password-changing process and offer additional security features. They keep a lookout for leaked passwords and discourage password reuse, thereby enhancing your online security. They make recovering from a malware attack a less stressful ordeal and fortify your defenses against future threats. 

What qualities should I look for in a password manager? 

When it comes to choosing the best password manager for you, here are some of my top tips: 

Check out my best expert-reviewed password managers of 2023 by heading to Cyberguy.com/Passwords. 

HOW TO FIND ANYTHING ON AN APPLE IPHONE, IPAD AND MAC 

Step 3: Inform Your Bank – If your financial information was compromised, reach out to your bank immediately. They can help monitor your accounts for suspicious activity and guide you through the next steps, which might include freezing your accounts or issuing new cards. 

Step 4: Monitor Your Accounts – Keep a close eye on all of your accounts for any unusual activities. If you notice anything suspicious, report it immediately. Be sure to sign up for text alerts with your banking provider for an extra layer of security. 

Kurt’s key takeaways 

You’re not powerless in the face of this cyber-bandit, not by a long shot. With vigilant software updates, a sturdy antivirus, constant data backups, smart web browsing habits and the magic of password managers, you can keep your digital fortress secure. But remember, this isn’t a one-and-done deal. Cybersecurity is a constant endeavor, with new villains popping up just as the old ones are taken down. 

Are there any cybersecurity habits or tools you swear by to keep your Mac safe? Have you had a brush with ShadowVault or any other sneaky malware? What steps did you take to overcome it? Let us know by writing us at CyberGuy.com/Contact. 

For more of my security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter. 

Copyright 2023 CyberGuy.com. All rights reserved.