Rise in Online Fraud Prompts Warning of New Mac Malware Capable of Stealing Funds
India has witnessed a surge in cyber crimes, including online scams, in recent months. According to a report, a man from Mumbai lost Rs. 2.65 lakh after falling victim to an online scam while purchasing sweets. This incident is reminiscent of actress Shubhangi Atre’s experience last year, where she lost Rs. 2.24 lakh to a similar scam. These cases serve as a reminder that no one is immune to these cyber criminals, and even seemingly harmless activities like buying sweets can lead to the loss of one’s life savings. Adding to the concern, a new dangerous Mac malware called ShadowVault has emerged, capable of stealing sensitive data. To exacerbate the situation, some malicious individuals are distributing this malware to cybercriminals for a monthly fee of $500.
What is ShadowVault Malware?
ShadowVault is a data warehouse malware that targets vulnerable and unprotected MacBooks, according to a report by Tom’s Guide. Security research firm Guardz first discovered this malware in a dark web forum frequented by cybercriminals looking for new malware. In a blog post on how the malware works, the company wrote, “ShadowVault runs silently in the background of compromised macOS devices and collects all kinds of valuable information, including login credentials, financial data, personal identification information, and more.”
The malware is also capable of stealing passwords, credit card information, cookies and much more from different browsers as well.
Malware distribution model
What makes the malware more dangerous is that instead of being created and used by one group of hackers, ShadowVault is distributed to other cybercriminals who need new malware to steal from innocent people. According to the report, cybercriminals are charged $500 (roughly Rs. 41,000) per month to gain access to this malware.
Online scams on the rise you should know about
ShadowVault is just one of many malware and other phishing tricks scammers use to steal money from unsuspecting victims. Although this malware-based attack does not actually approach the victim personally, there are online scammers who do and trick people out of their money. These scams can be as dangerous as anything.
Just yesterday, an Indian Express report revealed how a man was offered a franchise of an MNC chain of pizza restaurants by online fraudsters and ended up losing a whopping Rs. 1 crore!
In another such incident in March 2023, a 58-year-old man from Mumbai tried to order sweets online but fell victim to an online scam, reported the Free Press Journal.
After calling what he thought was a sweet shop, he received a malicious link on WhatsApp and was asked to follow instructions and use a credit card to pay for sweets. After selecting sweets she was asked for credit card details and OTP for payment and she gave the same. Soon Rs. 1.28 lakh was deducted from his account. When he inquired about the WhatsApp number, he was told that it was a mistake and he would be refunded and sent another OTP. After he entered the code, another Rs. 1.28 lakh was embezzled from the victim’s account.
In another very similar incident, yesterday, July 11, a Mumbai doctor was duped of Rs. 1.4 lakh when he tried to order 25 plates of samosas, according to a Times of India report.
How to stay safe?
The need of the hour is to be vigilant and protect yourself from such online scams or malware attacks. It’s harder to get your data or money back once you’ve fallen for a trap, but it’s much easier to avoid. Check out these easy but important tips below.
1. Always make sure your device, be it a smartphone or laptop, has the latest antivirus/security patch installed.
2. Never click on a link you receive on WhatsApp or similar messaging apps or emails unless you know the sender personally. Actually, check again.
3. Don’t keep all your sensitive data on the same device or network. Try to keep some of the more important data offline if possible.
4. Always keep 2-step authentication enabled. Change your password regularly. And always use a random alphanumeric string as a password.
5. When ordering online, always use trusted channels like Zomato and Swiggy or the store’s official website to place the order.