Xloader, a newly modified piece of malware that steals information from Windows systems, is now targeting macOS systems.
Xloader Malware Affecting macOS
Xloader malware can recover deleted passwords from numerous web browsers and email clients, and it is available on an underground forum as a botnet loader service.
The web browsers and email clients that Xloader can target are Firefox, Chrome, Edge, Opera, Outlook, IE, Foxmail, and Thunderbird.
Xloader was derived from Formbook, an information stealer for Windows. It was first detected in 2020 and has since grown in popularity. It was labeled as a cross-platform botnet with no dependencies.
Now, Xloader malware is affecting macOS. A community member confirmed the connection between the two malware pieces after he reverse-engineered it and found that it had the same executable as Formbook.
According to Bleeping Computer, the developer of Formbook contributed a lot to creating Xloader, and the malware on Windows and macOS had the same functionality.
Both versions of the malware can steal login credentials, log keystrokes, capture screenshots, and launch malicious files on the operating system.
macOS customers can rent the malware for only $49 a month, and they can get access to a server that the seller provides.
The seller keeps a centralized command-and-control infrastructure so they can control how the customers use the malware.
Meanwhile, the Windows version of Xloader costs a bit more. The seller asks $59 a month or $129 for three months.
The makers of Xloader also offer a Java binder that allows customers to create a JAR file with the EXE and Mach-O binaries used by Windows and macOS.
How to Protect Your macOS
According to the researchers at Check Point, who tracked the activities of Xloader for six months, there are now thousands of requests for access to the malware from 69 countries. This means that it has spread across the globe, and half of the victims of the malware are from the United States.
Even though Formbook is no longer a part of the underground forums, it is still seen as a threat. Formbook was a part of 1,000 malware campaigns over the past three years, according to AnyRun's malware trends. Formbook ranked 4th in the list of the most notorious info-stealers in the past 12 months.
Xloader continues to grow in popularity, especially now that it can target two of the most popular operating systems.
Check Point researchers stated that the malware is so airtight that a regular, non-technical user can't detect it.
The researchers recommend using the Autorun feature on your macOS system to check the username, look into the LaunchAgents folder, and delete all the entries that have suspicious filenames.
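One way to review the LaunchAgents folder before deleting anything is sketched below as an added example; it is not code from Check Point or Tech Times. The checks are generic triage heuristics chosen for illustration, not Xloader signatures, and the sample entries and their names are constructed.

```python
import plistlib
from pathlib import Path, PurePosixPath

def triage(path):
    """Return generic reasons (assumed heuristics) to inspect one agent plist."""
    try:
        with open(path, "rb") as fh:
            agent = plistlib.load(fh)
    except Exception:                  # malformed XML/binary plist or unreadable file
        return ["unparseable plist"]
    if not isinstance(agent, dict):
        return ["unparseable plist"]
    args = agent.get("ProgramArguments") or []
    prog = agent.get("Program") or (args[0] if args else "")
    reasons = []
    if not prog:
        reasons.append("no program declared")
    elif any(part.startswith(".") for part in PurePosixPath(prog).parts):
        reasons.append(f"hidden path component: {prog}")
    if agent.get("Label") != Path(path).stem:
        reasons.append("Label differs from file name")
    return reasons

def audit(folder):
    """Map each flagged *.plist in folder to its reasons; clean entries are omitted."""
    flagged = {}
    for plist in sorted(Path(folder).glob("*.plist")):
        reasons = triage(plist)
        if reasons:
            flagged[plist.name] = reasons
    return flagged

def constructed_samples(folder):
    """Write two constructed agent plists (illustrative names only) into folder."""
    samples = {
        "com.example.updater": {"Label": "com.example.updater", "RunAtLoad": True,
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]},
        "com.example.sync": {"Label": "helper", "RunAtLoad": True,
            "ProgramArguments": ["/Users/alice/.cfg/helper", "start"]},
    }
    for name, body in samples.items():
        with open(Path(folder) / f"{name}.plist", "wb") as fh:
            plistlib.dump(body, fh)

if __name__ == "__main__":
    # Read-only review of the current user's agents; nothing is deleted.
    for name, reasons in audit(Path.home() / "Library" / "LaunchAgents").items():
        print(name, "->", "; ".join(reasons))
```

A flagged entry is a prompt to look at the program it starts, not proof of infection; legitimate software can trip either heuristic.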
Yaniv Balmas, the head of cyber research at Check Point, stated that Xloader is more mature and sophisticated than they expected and that it is becoming bigger and more dangerous.
This article is owned by Tech Times
Written by Sophie Webster