XLoader Windows InfoStealer Malware Now Upgraded to Attack macOS Systems

Cyber Security

Cybersecurity researchers on Wednesday disclosed details of an evolving malware that has now been upgraded to steal sensitive information from Apple’s macOS operating system.

The malware, dubbed “XLoader,” is a successor to another well-known Windows-based info stealer called Formbook that’s known to vacuum credentials from various web browsers, collect screenshots, log keystrokes, and download and execute files from attacker-controlled domains.

Stack Overflow Teams

“For as low as $49 on the Darknet, hackers can buy licenses for the new malware, enabling capabilities to harvest log-in credentials, collect screenshots, log keystrokes, and execute malicious files,” cybersecurity firm Check Point said in a report shared with The Hacker News.

Distributed via spoofed emails containing malicious Microsoft Office documents, XLoader is estimated to infected victims spanning across 69 countries between December 1, 2020, and June 1, 2021, with 53% of the infections reported in the U.S. alone, followed by China’s special administrative regions (SAR), Mexico, Germany, and France.

While the very first Formbook samples were detected in the wild in January 2016, the sale of the malware on underground forums stopped in October 2017, only to be resurrected more than two years later in the form of XLoader in February 2020. In October 2020, the latter was advertised for sale on the same forum which was used for selling Formbook, Check Point said. Both Formbook and its XLoader derivative are said to share the same codebase.

macOS Malware

According to statistics released by Check Point earlier this January, Formbook was third among the most prevalent malware families in December 2020, impacting 4% of organizations worldwide. It’s worth noting that the newly discovered XLoader malware for PC and Mac is not the same as XLoader for Android, which was first detected in April 2019.

Enterprise Password Management

“[XLoader] is far more mature and sophisticated than its predecessors, supporting different operating systems, specifically macOS computers,” said Yaniv Balmas, head of cyber research at Check Point. “Historically, macOS malware hasn’t been that common. They usually fall into the category of ‘spyware’, not causing too much damage.”

“While there might be a gap between Windows and MacOS malware, the gap is slowly closing over time. The truth is that macOS malware is becoming bigger and more dangerous,” Balmas noted, adding the findings “are a perfect example and confirm this growing trend.”

Articles You May Like

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw
Amazon to Invest $4 Billion in Building New AWS Data Centre Cluster in Hyderabad by 2030
Thinking of Breaking Up With Twitter? Here’s the Right Way to Do It
Steam Autumn Sale: Best Deals on PC Including Red Dead Redemption 2, Cyberpunk 2077, Resident Evil 2, More
iPhone Factory Workers’ Protest: Over 20,000 New Hires Said to Leave Foxconn’s Zhengzhou Plant