ShadowVault Threatens macOS Devices with Data Theft

Welcome to Cybersecurity Quick News Summary and Mitigation Measures:

2 min readJul 11, 2023
Photo by Aditya Joshi on Unsplash

If you use an Apple device, you might want to pay attention to this. A new infostealer program called ShadowVault is targeting macOS devices and stealing passwords, credit card details, cookies, and browser information from them.

Dark web advertisement on XSS underground forum offers ShadowVault’s criminal services for $500 a month

ShadowVault is available for hire on the dark web for $500 a month, and it’s not the only one. Another infostealer program, Atomic, was detected in April, exclusively going after macOS devices.

This means that macOS is no longer as secure as it used to be. Infostealer malware has traditionally targeted Microsoft Windows devices, but now they are shifting to Apple products instead.

Recently Cybersecurity firm Guardz investigators discovered ShadowVault on the dark web forum XSS, Dor Eisner, CEO and co-founder of Guardz said :

“SMEs ( small & medium enterprises) should never assume they aren’t lucrative targets or take their devices’ and systems’ security for granted. In fact, SMEs are the main victims of the new generation of cyber threats,”

Mitigation Measures:

So what can you do to protect yourself and your business from ShadowVault and other infostealer malware? Here are some tips from Guardz, the cybersecurity firm that discovered ShadowVault:

  1. Keep Software Updated: Regularly update your operating system, applications, and security software to benefit from the latest patches and protections.
  2. Use Strong Passwords: Create and maintain strong, unique passwords for all accounts and consider utilizing a password manager for enhanced security.
  3. Exercise Caution: Be cautious when opening email attachments and downloading files from unknown or suspicious sources to avoid malware infections.
  4. Enable Two-Factor Authentication (2FA): Add an extra layer of security by enabling 2FA whenever possible to prevent unauthorized access.
  5. Educate Employees: Provide cybersecurity training to employees, emphasizing the identification of phishing attempts, avoidance of suspicious links, and reporting of potential threats.
  6. Deploy Comprehensive Security Solutions: Invest in robust cybersecurity solutions with advanced threat detection and response mechanisms to detect and mitigate potential risks effectively.
  7. Lastly, Never assume you aren’t a lucrative target or take your security for granted.

As a cybersecurity expert, I can help you implement these tips and more. Contact me for a free consultation.

Link to news article: