shadowvault

Malware updated 5 months ago (2024-05-04T17:56:56.923Z)
ShadowVault, a new malware specifically targeting macOS devices, has been recently identified by Guardz Cyber Intelligence Research (CIR). Discovered in June 2023 and prominently advertised on Russian-language cybercriminal forums for $500 per month, ShadowVault is capable of stealing sensitive information such as usernames, passwords, credit card data, and crypto wallet details. The malware operates as a Hidden Virtual Network Computing (HVNC) tool, enabling remote access to and control over a victim's Mac without their knowledge. This discovery has significant implications for small and medium-sized enterprises (SMEs), where macOS devices are commonly used.

The identification of ShadowVault was facilitated by ChatGPT, an AI developed by OpenAI, which was directed by Guardz researchers to search Russian cybercrime forums. Sellers of ShadowVault claim it can provide full access to a target's machine, with the option to add further capabilities for extra fees. ShadowVault's developers also offer a build signed with a legitimate Apple Developer signature for an additional cost, increasing its potential to bypass security measures. Despite allegations from the initial advertiser of Atomic Stealer that the ShadowVault listing was a scam copied from previously advertised "OSX" malware, no evidence has been found to support this claim.

Following the emergence of ShadowVault, another infostealer malware named "Realst" surfaced. Cybercriminals have embedded it in fake blockchain games in a large-scale campaign targeting both Windows and macOS users, including those on macOS 14 Sonoma. These developments underline the growing threat of sophisticated malware targeting macOS devices.
Description last updated: 2024-05-04T16:51:15.461Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Infostealer ...
Malware
macOS