XLoader malware steals accounts from macOS and Windows systems

-
cyber attack, xloader malware, xloader, check point

A malware that specializes in stealing information from Windows has been modified into a new strain called XLoader, so it can target macOS systems.

XLoader is currently showing up on an underground forum as a bot download service that can "take" passwords from web browsers and some email clients.

XLoader was announced as a multi-platform botnet (Windows and macOS) with no dependencies, and launched last February and growing in popularity.

XLoader's most important functions (steal login credentials, take screenshots, keystrokes, and execute malicious files).

A customer can rent the macOS version of the malware for $49 (one month) and access a server provided by the vendor.

Windows technology is more expensive with the seller asking $59 for a one-month license and $129 for three months.

XLoader makers also provide a Java binder for free, which allows customers to create a standalone JAR file with the Mach-O and EXE binaries used by macOS and Windows.

According to Check Point researchers saw requests from 69 countries, indicating a significant spread across the globe, with more than half of the victims being in the United States, they also said XLoadercan hide to make it difficult for a regular, non-technical user to spot it.

Check Point researchers recommend using macOS’ Autorun to check the username in the OS and to look into the LaunchAgents folder [/Users/[username]/Library/LaunchAgents] and delete entries with suspicious filenames (random-looking name).

Cybercriminals are seeing now the mac OS as an attractive target.

“While there might be a gap between Windows and MacOS malware, the gap is slowly closing over time. The truth is that MacOS malware is becoming bigger and more dangerous” - Yaniv Balmas

The researcher believes that more malware families will adapt and add macOS to the list of supported operating systems.



Popular posts from this blog

LIST OF STOP DJVU Extensions

-
Image
Extension appended to the end of the encrypted data filename Older STOP (Djvu) Ransomware encryptions: .STOP, .SUSPENDED, .WAITING, .PAUSA, .CONTACTUS, .DATASTOP, .STOPDATA, .KEYPASS, .WHY, .SAVEfiles, .DATAWAIT, .INFOWAIT, .puma, .pumax, .pumas, .shadow, .djvu, .djvuu, .udjvu, .djvuq, .uudjvu, .djvus, .djvur, .djvut .pdff, .tro, .tfude, .tfudeq, .tfudet, .rumba, .adobe, .adobee, .blower, .promos, .promoz, .promock, .promoks, .promorad,, promorad2, .kroput, .kroput1, .charck, .pulsar1, .klope, .kropun, .charcl, .doples, .luces, .luceq, .chech, .proden, .drume, .tronas, .trosak, .grovas, .grovat, .roland, .refols, .raldug, .etols, .guvara, .browec, .norvas, .moresa, .verasto, .hrosas, .kiratos, .todarius, .hofos, .roldat, .dutan, .sarut, .fedasot, .forasom, .berost, .fordan, .codnat, .codnat1, .bufas, .dotmap, .radman, .ferosas, .rectot, .skymap, .mogera, .rezuc, .stone, .redmat, .lanset, .davda, .poret, .pidon, .heroset, .myskle, .boston, .muslat, .gerosan, .vesad, .horon, .neras, .tru...
Read-more »

How to remove syzs_dl_svr.exe error

-
Image
What is syzs_dl_svr.exe? The file syzs_dl_svr.exe is an executable program associated with the Gameloop Android emulator , commonly used to play mobile games like PUBG Mobile and Call of Duty Mobile on a Windows PC. It typically installs in the following directory: C:\Program Files\txgameassistant\appmarket\ Although it’s a legitimate component of Gameloop, syzs_dl_svr.exe has raised concerns due to its hidden nature, network activity, and moderate danger rating. Some malware programs also disguise themselves using this file name, especially when found in suspicious locations like: C:\Windows\ C:\Windows\System32\ Common Errors Caused by syzs_dl_svr.exe Many users report the following issues: Gameloop startup crashes Camtasia not responding , especially during editing or adding callouts High CPU or memory usage Suspicious internet activity (data being sent over open ports) Antivirus alerts marking it as a Trojan or potentially unwanted program (PUP) ...
Read-more »