If you thought your Mac was invincible, it’s time to reconsider. Sneaky malware is lurking, ready to grab your personal information and rush in with your credit card details. What fuels this digital banditry? A growing trend called crimeware-as-a-service (sometimes called MaaS) against macOS.
You read correctly; even cybercrime is now available as a service.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK TIPS, TECHNICAL ADVICE AND EASY FEEDBACK TO MAKE YOU SMARTER
ShadowVault: the deceptive malware that steals your data
Now, this isn’t your ordinary villain. He’s a wolf in sheep’s clothing, acting friendly while secretly plotting to steal your precious data. The malware goes by the name ShadowVault, and it’s not just your backyard cyber thief. It’s more like a spy, sneaking into your system unnoticed while secretly planning his heist. It insidiously minds its own business on compromised Mac devices, siphoning valuable information such as usernames and passwords, stored credit card information, data from crypto wallets and so on. The worst ? Criminals can subscribe for $500 per month to access and use this malware.
Who discovered the ShadowVault malware?
cybersecurity company Keep discovered the ShadowVault malware via the XSS forum on the dark web, where it was offered to anyone willing to pay $500 a month to rent the malware.
Apple’s response to this malware threat
Apple, as a matter of principle, generally does not comment on security issues, especially when a threat has not been patched. We reached out to Apple to try and get a comment on the whole ShadowVault malware situation, but they didn’t get back to us by our deadline. What’s funny is that Apple released an emergency update for macOS 13.4.1 (Also as iOS 16.5.1 And iPad OS 16.5.1) Monday. However, they had to remove it because it would have caused issues with web applications. The security notes for the update don’t seem to mention anything about ShadowVault though, so it’s unlikely they’re related.
How to protect yourself from malware
Don’t panic yet. There are ways to combat and secure your cyber domain. So how do you keep these digital desperadoes at bay? Let’s break it down.
HOW TO FIND YOUR LOST MACBOOK
Keep your software up to date – Apple has protections built into macOS and releases security patches through updates. It is therefore a good idea to install them as soon as they are released. To update, go to System Parametersof apple menu then click General. Then click on Software update to check for updates. If updates are available, click the Update now button to install them.
Antivirus software is your best friend – Having a reliable antivirus is like owning a watchdog for your digital home. Although Macs are pretty tough cookies, an extra layer of protection wouldn’t hurt. See my expert opinion on the best virus protection for your Windows, Mac, Android and iOS devices heading towards Cyberguy.com/LockUpYourTech
Don’t forget to back up your data – Regularly backing up your crucial data is like having a digital insurance policy. Whether it’s cloud storage or an external drive, it’s crucial to keep a backup copy to fall back on if things go wrong.
Beware of phishing scams – Stay vigilant and don’t take the bait when it comes to phishing scams. The general rule is: if it sounds fishy, it probably is.
Download software only from trusted sources – When you download software, treat it as an online purchase. You would only buy from trusted stores, right? Likewise, always stick to the Mac App Store or verified developer websites.
Disable automatic opening of files – This may sound convenient, but it’s like leaving your front door open.
Safari: Head to Safari > Settings > General and uncheck “Open ‘safe’ files after downloading” at the very bottom of the page
Chromium: Head to Chrome. Do you see those three dots (…)? Click on it. > Click on “Settings > Click on downloads”. Then enable “Ask where to save each file before downloading”
Microsoft Edge: Head to Microsoft Edge. Go all the way to the right in your Edge browser and see these three dots (…). Click on it. Scroll down to “Settings” and click on it. Scroll down to “downloads” and click on it. Enable “Ask me what to do with every download”
HOW TO BACK UP YOUR MAC COMPUTER
What to do if your device is infected
What if you were already a victim of this cyber-villain? Here is your action plan:
Step 1: Detect and remove malware – If you think your system has been compromised, run a full scan with your anti-virus software. It should detect the malware and most anti-virus software will give you an option to remove it.
Step 2: Change all passwords – For your most sensitive accounts – bank, email and social media – it’s time to mix things up. Every account needs a strong and unique password. Sounds daunting, doesn’t it? This is where a password manager comes to the rescue.
Think of a password manager as a secure digital notebook. It remembers all your complex passwords for you; all you need to know is a master password to access it. It can also generate hard-to-crack passwords, ensuring that each of your accounts is well protected.
Additionally, many password managers can automate the password change process and offer additional security features. They monitor password leaks and discourage password reuse, improving your online security. They make recovering from a malware attack less stressful and strengthen your defenses against future threats.
What qualities should I look for in a password manager?
When it comes to choosing the best password manager for you, here are some of my top tips:
- Deploy safely
- Works seamlessly on all your devices
- Create unique complicated passwords which are different for each account
- Automatically fills login and password fields for apps and sites you revisit
- Has a browser extension for all browsers you use to automatically insert passwords for you
- Allows a fail-safe in case of loss or forgetting of the main password
- Checks that your existing passwords remain secure and alert you if ever compromised
- Usestwo-factor authenticationsecurity
Check out my best expert-reviewed password managers of 2023 by heading to Cyberguy.com/Passwords.
HOW TO FIND ANYTHING ON AN APPLE IPHONE, IPAD AND MAC
Step 3: inform your bank– If your financial information has been compromised, contact your bank immediately. They can help you monitor your accounts for suspicious activity and guide you through next steps, which may include freezing your accounts or issuing new cards.
Step 4: Monitor your accounts– Keep an eye on all your accounts for any unusual activity. If you notice anything suspicious, report it immediately. Be sure to sign up for SMS alerts with your banking provider for an extra layer of security.
Kurt’s main takeaways
You are not powerless against this cyber-bandit, far from it. With vigilant software updates, robust antivirus, constant data backups, smart web browsing habits, and the magic of password managers, you can protect your digital fortress. But remember, this is not a one-time deal. Cybersecurity is a constant effort, with new baddies appearing just as old ones are being taken down.
Are there any cybersecurity habits or tools you swear by to keep your Mac safe? Have you had any contact with ShadowVault or any other sneaky malware? What steps have you taken to overcome it?Let us know by writing to us at CyberGuy.com/Contact.
CLICK HERE TO GET THE FOX NEWS APP
For more of my security alerts, subscribe to my free CyberGuy Report newsletter by going to Cyberguy.com/Newsletter.
Copyright 2023 CyberGuy.com. All rights reserved.