This new Mac malware is stealing passwords, credit card info and more — how to stay safe

Cybercriminals have created a new infostealer malware which they’re now using to target vulnerable Macs in an attempt to steal passwords, credit card info and other sensitive data.

First discovered by the cybersecurity firm Guardz last month, this new infostealer was dubbed ShadowVault. The malware, which is distributed using a Malware-as-a-Service model, can be purchased by other hackers to use in their attacks for the low price of just $500 a month.

Security researchers at Guardz first found ShadowVault on a popular dark web forum frequented by cybercriminals looking for malware to use in their attacks. In a blog post, the firm explained that “ShadowVault silently works in the background of compromised macOS devices, picking up all sorts of valuable information such as login IDs, financial data, personally identifiable information, and more.”

In addition to macOS’ built-in password manager Keychain, the malware is also capable of extracting passwords, cookies, credit card info, crypto wallet data and more from Google Chrome, Microsoft Edge, Brave, Vivaldi, Opera and other Chromium-based browsers. ShadowVault can also extract sensitive files from compromised Macs.

Targeting Macs with infostealer malware

While Guardz has yet to provide any additional information on how ShadowVault is currently being distributed, the fact that this malware primarily targets Macs is a big change in the infostealer landscape.

Traditionally, infostealers have gone after the best Windows laptops and other computers running Microsoft’s operating system. Now though, cybercriminals have shifted their focus to the best MacBooks since those willing to pay the Apple Tax likely have more money for them to steal.

Macs were previously considered safer than Windows PCs since there was less malware developed specifically to target them. That no longer appears to be the case though as we’ve now seen the Dridex malware and other malware strains which were designed for Windows being ported to macOS.

If you use a Mac as opposed to a Windows PC, the days of thinking that you’re safe from malware just because you’re in Apple’s ecosystem instead of Microsoft’s are over.

How to keep your Mac safe from malware

Just as Windows Defender ships with all PCs, Apple includes its own antivirus software, called XProtect, with every Mac it sells. Macs also have a built-in malware scanner called Gatekeeper to help keep you safe.

However, as the malware used by cybercriminals is becoming more advanced, you might also want to consider using one of the best Mac antivirus software solutions alongside XProtect and Gatekeeper. Mac antivirus software is updated more regularly and can help spot any viruses that Apple’s built-in security software might miss.

If you also have one of the best iPhones you want to keep safe, unfortunately there isn’t an iOS equivalent of the best Android antivirus apps due to Apple’s own restrictions when it comes to scanning for malware. However, the Mac security firm Intego has a workaround for this and both Intego Mac Premium Bundle X9 and Intego Mac Internet Security X9 can scan an iPhone or iPad for malware when they’re connected to a Mac via a USB cable.

Even though we don’t know how ShadowVault is being spread yet, you need to be careful when downloading new files online, clicking on links in emails and messages or opening attachments from unknown senders to prevent your Mac from ending up with a nasty malware infection.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.