Guardz Identifies New ‘ShadowVault’ macOS Stealer Malware
July 2023 by Guardz
Guardz disclosed the existence of a new information-stealing malware known as ‘ShadowVault,’ available for rent on the dark web’s popular XSS forum. The malware is capable of stealing sensitive data from macOS-based devices, posing a significant threat to businesses and individuals alike.
Information-stealing malware has long targeted Microsoft Windows devices, while macOS has been considered a more secure operating system. As a result, cyber threat actors tended to develop malware, info-stealers, and other harmful tools for Windows, as this offered them a more scalable opportunity. However, the market has begun to shift. In April, the info-stealing malware ‘Atomic,’ which exclusively targets macOS devices, was discovered on the dark web, hinting at the changing status quo. Small and medium-size businesses, which once perceived macOS devices as the safer choice, are primed to feel the effects.
Guardz’s research team first identified the ‘ShadowVault’ info-stealer in the underground XSS forum in June 2023. The malicious software is designed to secretly collect sensitive information from compromised systems, such as login credentials, financial information, personal identification details, cryptocurrency wallet seed phrases, and more, with the potential to wreak havoc on systems and disrupt operations. The Guardz team of experts has long maintained anonymous avatars on the dark web to support its research into protecting SMEs from rising cyber threats such as this. In doing so, Guardz was able to obtain access to the exclusive forum and identify the new macOS stealer, originally available for rent at $500/month.
The identification of the new info-stealer, which points to the emergence of macOS stealers on a wider scale, will enable Guardz and other cyber defenders to further enhance their solutions and protect their clients from this new, rising breed of cyber threats. Guardz has already deployed countermeasures to protect its clients, providing real-time threat detection and rapid response capabilities to mitigate the risks posed by the ‘ShadowVault’ malware.