shadowvault

Malware Profile Updated 2 months ago
ShadowVault, a new malware specifically targeting macOS devices, was recently identified by Guardz Cyber Intelligence Research (CIR). Discovered in June 2023 and advertised prominently on Russian-language cybercriminal forums for $500 per month, ShadowVault steals sensitive information such as usernames, passwords, credit card data, and crypto wallet details. The malware operates as a Hidden Virtual Network Computing (HVNC) tool, giving the operator remote access to and control over a victim's Mac without the user's knowledge. This has significant implications for small and medium-sized enterprises (SMEs), where macOS devices are commonly used. Guardz researchers used ChatGPT, an AI developed by OpenAI, to search Russian cybercrime forums, which led to the identification of ShadowVault. Sellers claim it provides full access to a target's machine, with additional capabilities available for extra fees. The developers also offer a build signed with a legitimate Apple Developer signature for an additional cost, increasing its ability to bypass security controls. The original advertiser of Atomic Stealer alleged that the ShadowVault listing was a scam copied from previously advertised "OSX" malware, but no evidence has been found to support this claim. Following the emergence of ShadowVault, another infostealer named "Realst" surfaced, embedded in fake blockchain games by cybercriminals in a large-scale campaign targeting both Windows and macOS users, including those on macOS 14 Sonoma. These developments underline the growing threat of sophisticated malware targeting macOS devices.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Infostealer ...
macOS
Cybercrime
Vulnerability
Scam
Phishing
MaaS
XSS (Cross S...
Safari
Associated Malware
ID | Type | Votes | Profile Description
Atomic Stealer | Unspecified | 1
The Atomic Stealer is a type of malware that is designed to exploit and damage computer systems, often infiltrating them through suspicious downloads, emails, or websites. Recently, a new version of the macOS Atomic Stealer has been distributed via a malvertising campaign, as reported on June 27, 20
Atomic macOS Stealer | Unspecified | 1
The Atomic macOS Stealer (AMOS) is a powerful new malware that emerged in early 2023, targeting Apple users. It was discovered by Cyble Research and Intelligence Labs (CRIL) in April of the same year when it was advertised for sale on Telegram. AMOS can steal various types of information from infect
Associated Threat Actors
ID | Type | Votes | Profile Description
No associations to display
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the ShadowVault malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 10 months ago | 5 macOS Infostealers Making Waves Right Now
CERT-EU | a year ago | US is number one for ransomware attacks, 7x more than the next country - 9to5Mac
CERT-EU | a year ago | AAPI Nonprofit Database, Motorcycle Technical Documentation, Viberary, More: Friday ResearchBuzz, August 4, 2023
CERT-EU | a year ago | New Russian-backed Mac malware found on dark web...by ChatGPT
CERT-EU | a year ago | All the Mac malware we know about
CERT-EU | a year ago | Guardz Identifies New macOS hVNC Malware, Revealing Emerging Trend of macOS Attack-as-a-Service Tools – Global Security Mag Online
CERT-EU | a year ago | News Alert: Guardz uncovers new macOS malware – Hidden Virtual Network Computing (hVNC)
CERT-EU | a year ago | Apple Users Open to Remote Control via Tricky macOS Malware
CERT-EU | a year ago | Massive macOS Campaign Targets Crypto Wallets, Data
CERT-EU | a year ago | Realst Mac malware targets macOS Sonoma, here's how to stay safe
CERT-EU | a year ago | New 'ShadowVault' macOS malware steals passwords, crypto, credit card data
CERT-EU | a year ago | New Mac malware threat steals financial details, logins, and more
CERT-EU | a year ago | ShadowVault macOS Stealer surfaces as the newest sophisticated Mac malware