As online scams skyrocket, new Mac malware emerges; can steal your money
In the last few months, India has seen a surge in online scams and other forms of related cyber crimes. In a recent incident, a Mumbai man lost Rs. 2.65 lakh after he fell for an online scam while ordering sweets, as per a report. Last year, actress Shubhangi Atre also fell victim to a similar scam and lost Rs. 2.24 lakh. These incidents highlight the fact that nobody is safe from these cyber criminals and something as innocent as buying sweets can also trap you into losing your life’s savings. At a time like this, a new dangerous Mac malware, dubbed ShadowVault, has emerged that can steal your sensitive data. To make matters worse, some bad actors are also distributing it among cybercriminals for a monthly fee of $500.
What is ShadowVault malware?
ShadowVault is an infostealer malware that targets vulnerable and unsecured MacBooks, as per a report by Tom’s Guide. Guardz, a security research firm, first found this malware in a dark web forum frequented by cyber criminals who are looking for new malware. Explaining how the malware works, the firm wrote in a blog post, “ShadowVault silently works in the background of compromised macOS devices, picking up all sorts of valuable information such as login IDs, financial data, personally identifiable information, and more”.
The malware is also capable of stealing passwords, credit card information, cookies, and more from different browsers as well.
Malware distribution model
What makes this malware more dangerous is that instead of one group of hackers making it and using it, ShadowVault is being distributed to other cybercriminals who are in need of new malware to steal from innocent people. As per the report, cybercriminals are being charged $500 (roughly Rs. 41,000) per month to get access to this malware.
Rising online scams that you should know about
ShadowVault is merely one among many such malware and other phishing tricks that scammers make use of to steal money from unsuspecting victims. While this malware-based attack does not actually approach the victim in person, there are online scammers that do and dupe people into parting with their money. These scams can be as dangerous as any.
Just yesterday, an Indian Express report revealed how a man was offered a franchise of an MNC pizza restaurant chain by online scammers and he ended up losing a whopping Rs. 1 crore!
In yet another such case, In March 2023, a 58-year-old man from Mumbai was trying to order sweets online, but ended up being a victim of an online scam, reports Free Press Journal.
After calling what he thought was a sweet shop, he received a malicious link on WhatsApp and was asked to follow the steps and use a credit card to pay for the sweets. After choosing the sweets, he was asked for his credit card information along with an OTP for the payment, and he provided the same. Soon, Rs. 1.28 lakh was deducted from his account. When he enquired on the WhatsApp number, he was told that it was a mistake and he will be returned the money and was sent another OTP for it. After he provided the code, another Rs. 1.28 lakh was stolen from the victim’s account.
In another very similar incident, yesterday, July 11, a Mumbai doctor was duped of Rs. 1.4 lakh while he was trying to order 25 plates of samosas, as per a report by the Times of India.
How to stay safe?
The need of the hour is to be vigilant and protect yourself from such online scams, or malware attacks. It is harder to recover the data or the money once you have fallen for a trap, but it is much easier to avoid it. Check these easy, yet important, tips below.
1. Always make sure your device, be it a smartphone or a laptop, has the latest antivirus/security patch installed.
2. Never click on a link you receive either on WhatsApp or similar messaging apps or emails, unless you personally know the sender. In fact, verify once still.
3. Try not to keep all your sensitive information on the same device or network. Try to keep some of the more important data offline, if possible.
4. Always keep 2-factor authentication enabled. Keep changing your password regularly. And always keep a random alphanumeric string as your password.
5. When ordering online, always go through trusted channels such as Zomato and Swiggy, or the official website of the store in order to place an order.
In the last few months, India has seen a surge in online scams and other forms of related cyber crimes. In a recent incident, a Mumbai man lost Rs. 2.65 lakh after he fell for an online scam while ordering sweets, as per a report. Last year, actress Shubhangi Atre also fell victim to a similar scam and lost Rs. 2.24 lakh. These incidents highlight the fact that nobody is safe from these cyber criminals and something as innocent as buying sweets can also trap you into losing your life’s savings. At a time like this, a new dangerous Mac malware, dubbed ShadowVault, has emerged that can steal your sensitive data. To make matters worse, some bad actors are also distributing it among cybercriminals for a monthly fee of $500.
What is ShadowVault malware?
ShadowVault is an infostealer malware that targets vulnerable and unsecured MacBooks, as per a report by Tom’s Guide. Guardz, a security research firm, first found this malware in a dark web forum frequented by cyber criminals who are looking for new malware. Explaining how the malware works, the firm wrote in a blog post, “ShadowVault silently works in the background of compromised macOS devices, picking up all sorts of valuable information such as login IDs, financial data, personally identifiable information, and more”.
The malware is also capable of stealing passwords, credit card information, cookies, and more from different browsers as well.
Malware distribution model
What makes this malware more dangerous is that instead of one group of hackers making it and using it, ShadowVault is being distributed to other cybercriminals who are in need of new malware to steal from innocent people. As per the report, cybercriminals are being charged $500 (roughly Rs. 41,000) per month to get access to this malware.
Rising online scams that you should know about
ShadowVault is merely one among many such malware and other phishing tricks that scammers make use of to steal money from unsuspecting victims. While this malware-based attack does not actually approach the victim in person, there are online scammers that do and dupe people into parting with their money. These scams can be as dangerous as any.
Just yesterday, an Indian Express report revealed how a man was offered a franchise of an MNC pizza restaurant chain by online scammers and he ended up losing a whopping Rs. 1 crore!
In yet another such case, In March 2023, a 58-year-old man from Mumbai was trying to order sweets online, but ended up being a victim of an online scam, reports Free Press Journal.
After calling what he thought was a sweet shop, he received a malicious link on WhatsApp and was asked to follow the steps and use a credit card to pay for the sweets. After choosing the sweets, he was asked for his credit card information along with an OTP for the payment, and he provided the same. Soon, Rs. 1.28 lakh was deducted from his account. When he enquired on the WhatsApp number, he was told that it was a mistake and he will be returned the money and was sent another OTP for it. After he provided the code, another Rs. 1.28 lakh was stolen from the victim’s account.
In another very similar incident, yesterday, July 11, a Mumbai doctor was duped of Rs. 1.4 lakh while he was trying to order 25 plates of samosas, as per a report by the Times of India.
How to stay safe?
The need of the hour is to be vigilant and protect yourself from such online scams, or malware attacks. It is harder to recover the data or the money once you have fallen for a trap, but it is much easier to avoid it. Check these easy, yet important, tips below.
1. Always make sure your device, be it a smartphone or a laptop, has the latest antivirus/security patch installed.
2. Never click on a link you receive either on WhatsApp or similar messaging apps or emails, unless you personally know the sender. In fact, verify once still.
3. Try not to keep all your sensitive information on the same device or network. Try to keep some of the more important data offline, if possible.
4. Always keep 2-factor authentication enabled. Keep changing your password regularly. And always keep a random alphanumeric string as your password.
5. When ordering online, always go through trusted channels such as Zomato and Swiggy, or the official website of the store in order to place an order.
Denial of responsibility! Techno Blender is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.