This new Mac malware is stealing passwords, credit card info and more — how to stay safe

MacBook Pro 2021 (16-inch) on a patio table
(Image credit: Tom's Guide)

Cybercriminals have created a new infostealer malware which they’re now using to target vulnerable Macs in an attempt to steal passwords, credit card info and other sensitive data.

First discovered by the cybersecurity firm Guardz last month, this new infostealer was dubbed ShadowVault. The malware, which is distributed using a Malware-as-a-Service model, can be purchased by other hackers to use in their attacks for the low price of just $500 a month.

Security researchers at Guardz first found ShadowVault on a popular dark web forum frequented by cybercriminals looking for malware to use in their attacks. In a blog post, the firm explained that “ShadowVault silently works in the background of compromised macOS devices, picking up all sorts of valuable information such as login IDs, financial data, personally identifiable information, and more.”

In addition to macOS’ built-in password manager Keychain, the malware is also capable of extracting passwords, cookies, credit card info, crypto wallet data and more from Google Chrome, Microsoft Edge, Brave, Vivaldi, Opera and other Chromium-based browsers. However, ShadowVault can extract sensitive files from compromised Macs too.

Targeting Macs with infostealer malware

While Guardz has yet to provide any additional information on how ShadowVault is currently being distributed, the fact that this malware primarily targets Macs is a big change in the infostealer landscape.

Traditionally, infostealers have gone after the best Windows laptops and other computers running Microsoft’s operating system. Now though, cybercriminals have shifted their focus to the best MacBooks since those willing to pay the Apple Tax likely have more money for them to steal.

Macs were previously considered safer than Windows PCs since there was less malware developed specifically to target them. That no longer appears to be the case though as we’ve now seen the Dridex malware and other malware strains which were designed for Windows being ported to macOS.

If you use a Mac as opposed to a Windows PC, the days of thinking that you’re safe from malware just because you’re in Apple’s ecosystem instead of Microsoft’s are over.

How to keep your Mac safe from malware

A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.

(Image credit: robert coolen/Shutterstock)

Just like with Windows Defender which ships with all PCs, Apple includes its own antivirus software called XProtect with every Mac it sells. Macs also have a built-in malware scanner called Gatekeeper to help keep you safe.

However, as the malware used by cybercriminals is becoming more advanced, you might also want to consider using one of the best Mac antivirus software solutions alongside XProtect and Gatekeeper. Mac antivirus software is updated more regularly and can help spot any viruses that Apple’s built-in security software might miss.

If you also have one of the best iPhones you want to keep safe, unfortunately there isn’t an iOS equivalent of the best Android antivirus apps due to Apple’s own restrictions when it comes to scanning for malware. However, the Mac security firm Intego has a workaround for this and both Intego Mac Premium Bundle X9 and Intego Mac Internet Security X9 can scan an iPhone or iPad for malware when they’re connected to a Mac via a USB cable.

Even though we don’t know how ShadowVault is being spread yet, you need to be careful when downloading new files online, clicking on links in emails and messages or opening attachments from unknown senders to prevent your Mac from ending up with a nasty malware infection.

More from Tom's Guide

TOPICS
Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
MacBook Pro 2021 (16-inch) on a patio table
Millions of Mac owners urged to be on alert for info-stealing malware
Malware
New macOS malware uses Apple's own code to quietly steal credentials and personal data — how to stay safe
and image of the Google Chrome logo on a laptop
Google Docs under attack from info-stealing malware — how to keep your data and your emails safe
MacBook Pro 2021 (16-inch) on a patio table
Macs under attack from dangerous malware targeting digital wallets and Apple’s Notes app — how to stay safe
A hacker typing quickly on a keyboard
Hackers are posing as Apple and Google to infect Macs with malware — don’t fall for these fake browser updates
MacBook Pro 2023
New Mac attack is tricking users into thinking their computer is locked — how to stay safe
Latest in Malware & Adware
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
An FBI agent typing on a computer
FBI issues warning to millions of Americans to avoid these websites that can steal your passwords and banking info
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
A person trying to set up a new Wi-Fi router
Thousands of TP-Link routers have been infected by a botnet to spread malware
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Latest in News
The Signal app logo displayed on an iPhone, with a screenshot of the Signal app in use displayed on a monitor in the background.
Signal — everything you need to know about the app at the center of the group chat scandal
Robert Downey Jr. revealed as Doctor Doom for "Avengers: Doomsday"
Marvel reveals 'Avengers: Doomsday' casting — follow the latest updates live
Wyze Cam v3
Wyze adds AI-powered filter to its security cameras to cut down on notifications that are “no big deal”
Mark Grayson (Steven Yeun) as Invincible in his blue suit during a scene from "Invincible" season 3 on Prime Video.
'Invincible' season 4 release window just announced — here's when it's coming
Microsoft Copilot app running on a phone with Microsoft logo in background
Microsoft 365 Copilot debuts new research tools for work: here's what that means
COLUMBUS, OHIO - JANUARY 26: Amber Glenn skates in the Women's Free Skate during the U.S. Figure Skating Championships at Nationwide Arena on January 26, 2024 in Columbus, Ohio. (Photo by Matthew Stockman/Getty Images)
Watch World Figure Skating Championships 2025 online – live stream, schedule, what TV channel is it on?