ChatGPT has recently helped uncover a new form of malware targeting Mac computers. A cybersecurity firm, Guardz Cyber Intelligence Research (CIR), conducted the investigation and found malware called ShadowVault, which is being sold on a Russian cybercrime forum for prices up to $60,000.
According to Guardz CIR, their researchers used an AI chatbot to initially prompt them to look for new Mac threats being sold on the dark web. After being directed by ChatGPT to search Russian cybercrime forums, Guardz researchers discovered ShadowVault being advertised.
ShadowVault is a Hidden Virtual Network Computing (HVNC) tool that allows remote access to and control of a victim's Mac without their knowledge. The sellers of ShadowVault boast that it can give full access to a target's machine and that additional capabilities can be added for extra fees. The malware has reportedly been for sale since April 2023.
Guardz stated that there are not yet any known cases of ShadowVault being used in the wild. Apple also has not yet provided any comment on Guardz's findings. However, the accessibility of the malware on criminal forums raises concerns about potential future attacks on Mac users.
The cybersecurity team explained how the HVNC tool works:
For a lifetime price of $60,000, the threat actor will provide you with a malicious tool that supports persistence, runs without requesting any permission from the user, has a reverse shell plus remote file manager, and was tested on a wide array of macOS versions from 10 up to 13.2.
The discovery highlights the growing threats facing macOS as cybercriminals seek to exploit more victims. Users are advised to keep their software up to date and use security tools to help detect and prevent malware infections.
Guardz recommends Mac users implement robust endpoint protection to defend against HVNC and other emerging threats being developed and sold on dark web forums. The cyber firm's report demonstrates the potential for AI like ChatGPT to assist human researchers in uncovering the latest schemes by criminal hackers.