Criminals Can Rent Malware to Steal Your Passwords and Financial Details

Surprise, surprise. Hackers can now steal your credit card info, passwords, and other sensitive data for 500 bucks a month. The costs for cybercriminals are decreasing, and the cyberattacks keep increasing. The newest actor on the cybersecurity stage is malware-as-a-service, and it looks like it will be the main villain for the next few years.

Malware as a Service

ShadowVault is a new infostealer recently discovered by the cybersecurity company Guardz. Hackers can purchase this software for $500 and steal financial data, login IDs, and personally identifiable information from macOS devices. But it doesn’t stop there. It can steal crypto wallet data, credit card info, cookies, and passwords from your browser.

Everyone knows that Macs are more secure than Windows devices. Well, that statement isn’t true anymore. It was only a matter of time until cybercriminals developed malware targeting Macs because their users had the funds to pay the Apple premium.

Dridex is another example of a Windows-native malware porting to macOS made by Evil Corp. The name sounds like a sci-fi movie, but its effects are pretty real. It executes malicious modules and harvests sensitive data. And what’s the way it gets on your device? A simple Microsoft Excel spreadsheet is attached in a phishing mail.

It doesn’t matter if you use Windows Defender, XProtect, or Gatekeeper as an antivirus. Malware is becoming more advanced, and no one knows how ShadowVault is being spread. So, you need to keep your defenses up at all times.

How Do You Prevent Malware?

The most common ways malware gets on your device are through infected websites and apps, fake ads, and email attachments. People still fall for scams that offer prizes and gifts for clicking a button (don’t fall for them). Another trick from the hacker’s handbook is a pop-up that claims your computer has been infected, and you need to click inside the pop-up to run a scan. These are the basics you need to look out for.

A more advanced approach includes file-converter sites. They force you to download a zip file to receive the result, and you get malware as a bonus. Discount sites and coupon finders fall into the same category.

Almost all hacking approaches use social engineering, mainly spread through email. Set a standard for yourself or your company to only download email attachments if you confirm the contents with the sender. Anyone can get hacked, and it’s no hassle to verify whether the files you download are secure. Here are some more tips to help you out.

Use Unique Passwords for Each Account

Password strength depends on two factors: length and complexity. The longer a password is, the harder it is to break. That’s because hackers use a brute-force approach to crack it and a repository of the most common passwords people use.

Most of us are familiar with jumbled passwords like “A4%z4R!o12T”. Google recommends them by default. But they’re hard to remember, and you have to write them down somewhere. An easier alternative is to combine a few words and mix in a few special characters with uppercase and lowercase letters.

Next comes password reuse. Never do it. By never, it means absolutely never. You need to have a unique password for every account. It doesn’t matter if it’s personal or corporate. If hackers compromise one password, they can have them all, if every password is different; tough luck to the cybercriminals.

Use Multi-Factor Authentication Wherever Possible

Two-factor authentication, or MFA, is an excellent password hygiene tip. If you can enable this option on your accounts, do it. MFA adds another layer of security because an attacker won’t be able to log in to an account without filling in an OTP.

Every banking and health app includes this option by default. You have two choices when setting up MFA: an SMS or an OTP on an app. The latter is more secure. In the case of a breach, you’ll have more time to gain control over the account.

Don’t Copy-Paste Passwords

Here’s a fun fact. All running apps on your Windows device can read and write to your clipboard (the part that remembers what you copied). It doesn’t matter if it’s malicious or not. You don’t want third-party apps or copy-paste malware to gain access to such vital data. Instead, manually type the text in the field using a password manager. You’ll spend a few extra seconds, but your accounts will be safe.