New macOS malware steals bank info, crypto wallets & much more
A newly-spotted security threat called ShadowVault works in the background on macOS to access logins, banking details, and more personal data.
Macs have traditionally been less targeted by malware developers, partly because of the security built into macOS and partly because they presented a smaller target than Windows. It is still the case that Macs have fewer malware issues than PCs, but they are increasingly being targeted by different types of security threats.
Now, according to Guardz Cyber Intelligence Research (CIR), a new threat specific to macOS has been uncovered. CIR claims to have used "sophisticated covert operations" to identify ShadowVault while it was still being developed.
It's not clear whether ShadowVault has been seen in active use, nor how it is intended to be delivered once in the wild. Since it runs in the background on Macs, though, users presumably have to be tricked into downloading and running it.
ShadowVault's technical specifications (source: CIR)
When discovered, ShadowVault was being offered for sale for $500 for one month. It claims to be able to extract "passwords, cookies, credit cards, wallets," and "all Chromium-based extensions."
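The data listed above (saved passwords, cookies, card details and Chromium extension storage) lives in a handful of well-known files inside a browser profile, and a reasonable defender-side check is simply "which process is reading those files?" The following is an added example, not code from the article or from CIR: it runs a small allow-list rule over a constructed batch of file-access events. The event shape (`process`, `path`) and the list of expected reader processes are assumptions for the example; the Chromium file names and the macOS profile locations are real.

```python
from dataclasses import dataclass

# Leaf files inside a Chromium profile that hold credentials, session cookies
# and autofill/card data; these names are real Chromium file names.
SENSITIVE_LEAVES = {"Login Data", "Cookies", "Web Data"}
# Per-extension storage lives under this directory (one subdirectory per extension id).
SENSITIVE_DIRS = {"Local Extension Settings"}
# Path fragments identifying a Chromium-family profile on macOS.
CHROMIUM_PROFILE_MARKERS = ("/Google/Chrome/", "/Chromium/")
# Processes that legitimately read those files; assumption for this example,
# a real deployment would tune this per fleet.
EXPECTED_READERS = {"Google Chrome", "Google Chrome Helper", "Chromium"}


@dataclass
class FileAccessEvent:
    """One file-read event as a monitoring agent might report it (constructed shape)."""
    process: str
    path: str


def is_chromium_secret(path: str) -> bool:
    """True if the path is a credential, cookie, autofill or extension store of a Chromium profile."""
    if not any(marker in path for marker in CHROMIUM_PROFILE_MARKERS):
        return False
    parts = path.split("/")
    return parts[-1] in SENSITIVE_LEAVES or any(p in SENSITIVE_DIRS for p in parts)


def flag_suspicious_reads(events):
    """Return the events where a non-browser process read a browser secret store."""
    return [e for e in events if is_chromium_secret(e.path) and e.process not in EXPECTED_READERS]


# Constructed sample events for the demonstration.
HOME = "/Users/alice/Library/Application Support"
SAMPLE_EVENTS = [
    FileAccessEvent("Google Chrome", f"{HOME}/Google/Chrome/Default/Login Data"),
    FileAccessEvent("Google Chrome", f"{HOME}/Google/Chrome/Default/Network/Cookies"),
    FileAccessEvent("Finder", f"{HOME}/Google/Chrome/Default/Preferences"),
    FileAccessEvent("update_helper", f"{HOME}/Google/Chrome/Default/Login Data"),
    FileAccessEvent("update_helper", f"{HOME}/Google/Chrome/Default/Web Data"),
    FileAccessEvent("update_helper", f"{HOME}/Google/Chrome/Default/Local Extension Settings/abcdefgh/000003.log"),
]

if __name__ == "__main__":
    for e in flag_suspicious_reads(SAMPLE_EVENTS):
        print(f"ALERT: {e.process} read {e.path}")
```

The rule is deliberately narrow: a process name outside the allow list touching a credential store is a high-signal event on a single-user Mac, while reads of ordinary profile files such as `Preferences` are ignored. Process name alone is spoofable, so a production version would key on code-signing identity rather than the display name.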
How to protect yourself from ShadowVault
AppleInsider has a thorough guide to protecting Macs against malware, phishing and more. In short, users can prevent security threats by being wary of anything unexpected -- and not following links or opening files unless certain they are genuine.
Many phishing attempts will be easily recognizable, but if in doubt, users should check details such as whether company names are spelled correctly in emails. Typing mistakes still seem to convince junk filters that the mail is from a real human being, but companies do not misspell their own names.
They also don't include links to anywhere suspicious. While users should never click on a suspicious link, they can hover the mouse cursor over the link and see where it would really take them.
CIR says ShadowVault was specifically built to steal data from macOS devices. Describing it as having "potent capabilities," CIR also claims to have developed countermeasures for its clients.
Apple has not commented on ShadowVault.
Comments
https://www.uptycs.com/blog/what-is-meduza-stealer-and-how-does-it-work
https://cointelegraph.com/news/hodlers-beware-new-malware-targets-metamask-and-40-other-crypto-wallets
https://www.techradar.com/news/google-removes-crypto-stealing-chrome-extensions-from-its-web-store
They can replace or modify a crypto browser extension to look like the official one and get you to enter the seed phrase.
They can also try to extract data from the extension. People don't need to input the seed phrase every time they use a browser crypto wallet, so some extensions are storing authentication details, and that can be stolen to access the wallet.
They can intercept wallet communication so the next time a transaction is made, it can send a different amount to a different destination.
They can compromise emails that are used to access online crypto exchanges, maybe some emails have QR codes.
They can put keyloggers in place to track any time a seed phrase is pasted somewhere.
But they are not hacking the blockchain, they are tricking stupid people. Hacking a system and tricking illiterates are apples and oranges. Pick-pocketing and voluntarily giving away your wallet would be the nearest comparison. Why would you put your words on your device? And you can't even do that on a hard wallet. It's not malware. Ledger gives you a beautiful little notepad to WRITE the 11 words down. And who walks around with 80k on their hard wallet? Always connected? Why would you make transactions in public? It's simply fake news.