XLoader malware steals accounts from macOS and Windows systems


A piece of malware that specializes in stealing information from Windows systems has been modified into a new strain called XLoader so that it can also target macOS systems.

XLoader is currently being advertised on an underground forum as a bot loader service that can "take" passwords from web browsers and some email clients.

XLoader was announced as a multi-platform (Windows and macOS) botnet with no dependencies; it launched last February and has been growing in popularity since.

XLoader's most important functions are stealing login credentials, taking screenshots, logging keystrokes, and executing malicious files.

A customer can rent the macOS version of the malware for $49 (one month) and access a server provided by the vendor.

The Windows version is more expensive, with the seller asking $59 for a one-month license and $129 for three months.

The XLoader makers also provide a Java binder for free, which lets customers create a standalone JAR file that bundles the Mach-O and EXE binaries used on macOS and Windows.
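A JAR that carries native executables for two platforms is unusual for legitimate software, so a defender can triage it by inspecting the archive entries rather than running anything. The following is an added example, not code from the original post or from Check Point: it opens a ZIP-based container and reports entries whose first bytes are a PE (`MZ`) or Mach-O header. One caveat it handles: the Mach-O fat-binary magic `0xCAFEBABE` is the same as the Java class-file magic, so the next four bytes (architecture count versus class-file version) are used to tell them apart. The sample JAR is constructed in the block and holds only headers with padding, not runnable binaries.

```python
"""Added example (not from the original post or from Check Point): flag JAR
files that bundle native executables, the layout the article describes for
XLoader's Java binder. Triage heuristic only; it looks at magic bytes."""
import io
import struct
import zipfile
from typing import List, Optional, Tuple

# Thin Mach-O magics (32/64-bit, both byte orders). The fat-binary magic
# 0xCAFEBABE is shared with Java .class files and is handled separately.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce",  # MH_MAGIC
    b"\xce\xfa\xed\xfe",  # MH_CIGAM
    b"\xfe\xed\xfa\xcf",  # MH_MAGIC_64
    b"\xcf\xfa\xed\xfe",  # MH_CIGAM_64
}
FAT_MAGIC = b"\xca\xfe\xba\xbe"


def classify_bytes(data: bytes) -> Optional[str]:
    """Return 'pe', 'macho', 'macho-fat' or None for a file's first bytes."""
    head = data[:8]
    if head[:2] == b"MZ":
        return "pe"
    if head[:4] in MACHO_MAGICS:
        return "macho"
    if head[:4] == FAT_MAGIC and len(head) >= 8:
        # Fat header: magic, then nfat_arch (big-endian). A class file has
        # minor/major version in the same slot, and the smallest class major
        # version is 45, so a small count here means a real fat binary.
        nfat_arch = struct.unpack(">I", head[4:8])[0]
        if 0 < nfat_arch < 45:
            return "macho-fat"
    return None


def find_native_binaries(jar_bytes: bytes) -> List[Tuple[str, str]]:
    """List (entry name, kind) for every entry whose header is a native
    executable. Works on any ZIP-based container, not only JARs."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            with jar.open(info) as fh:
                kind = classify_bytes(fh.read(8))
            if kind:
                hits.append((info.filename, kind))
    return hits


def build_sample_jar() -> bytes:
    """Constructed sample: a harmless class-file header, a fake PE stub and two
    fake Mach-O headers, mirroring the binder layout the article describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        # class file: CAFEBABE, minor 0, major 52 (Java 8); must not be flagged
        jar.writestr("Loader.class", FAT_MAGIC + b"\x00\x00\x00\x34" + b"\x00" * 16)
        jar.writestr("res/win.bin", b"MZ" + b"\x00" * 62)
        jar.writestr("res/mac.bin", b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
        # fat Mach-O header with nfat_arch = 2
        jar.writestr("res/universal.bin", FAT_MAGIC + b"\x00\x00\x00\x02" + b"\x00" * 24)
    return buf.getvalue()


if __name__ == "__main__":
    for name, kind in find_native_binaries(build_sample_jar()):
        print(f"native binary inside JAR: {name} ({kind})")
```

Point `find_native_binaries` at the bytes of any JAR you want to inspect; an ordinary application JAR should produce no hits, while a dropper of the kind described above shows its payloads by name and platform.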

According to Check Point, researchers saw requests from 69 countries, indicating a significant spread across the globe, with more than half of the victims in the United States. They also said XLoader can hide itself, making it difficult for a regular, non-technical user to spot.

Check Point researchers recommend using macOS' Autorun to check the username in the OS, then looking into the LaunchAgents folder [/Users/[username]/Library/LaunchAgents] and deleting entries with suspicious, random-looking filenames.
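The manual check above can be scripted so that every per-user launch agent is listed with the program it starts and the random-looking ones are called out for review. The following is an added example, not code from the original post or from Check Point. The "random-looking" test is a heuristic of this example: a filename stem without reverse-DNS dots, eight or more characters long, with either very few vowels or digits mixed into letters. The sample folder contents are constructed inside the block; on a Mac, `load_agents` reads the real folder.

```python
"""Added example (not from the original post or from Check Point): triage the
per-user LaunchAgents folder, flagging plists whose filename looks random.
Heuristic only; inspect a flagged entry before deleting it."""
import os
import plistlib
import re
from typing import List, Tuple

VOWELS = set("aeiouy")


def looks_random(filename: str) -> bool:
    """True if the plist's stem looks machine-generated. Legitimate agents are
    almost always reverse-DNS labels (com.vendor.app.plist) built from readable
    words, so a dot-free stem of 8+ characters with fewer than one vowel in
    four, or with digits mixed into letters, is treated as suspicious."""
    stem = filename[:-len(".plist")] if filename.endswith(".plist") else filename
    if "." in stem or len(stem) < 8:
        return False
    letters = [c for c in stem.lower() if c.isalpha()]
    vowel_ratio = sum(c in VOWELS for c in letters) / max(len(letters), 1)
    mixed_digits = bool(re.search(r"[a-z][0-9]|[0-9][a-z]", stem.lower()))
    return vowel_ratio < 0.25 or mixed_digits


def program_of(plist_bytes: bytes) -> str:
    """Executable the agent launches, from Program or ProgramArguments[0]."""
    try:
        data = plistlib.loads(plist_bytes)
    except Exception:
        return "<unparseable plist>"
    if "Program" in data:
        return str(data["Program"])
    args = data.get("ProgramArguments") or []
    return str(args[0]) if args else "<no program>"


def triage_agents(entries: List[Tuple[str, bytes]]) -> List[Tuple[str, str]]:
    """Return (filename, program) for each entry whose name looks random."""
    return [(name, program_of(blob)) for name, blob in entries if looks_random(name)]


def load_agents(directory: str) -> List[Tuple[str, bytes]]:
    """Read every .plist in a LaunchAgents folder (real use on a Mac)."""
    entries = []
    if not os.path.isdir(directory):
        return entries
    for name in sorted(os.listdir(directory)):
        if name.endswith(".plist"):
            with open(os.path.join(directory, name), "rb") as fh:
                entries.append((name, fh.read()))
    return entries


def _plist(**fields) -> bytes:
    return plistlib.dumps(fields)


# Constructed sample folder: two ordinary agents and one random-named one.
# The paths are placeholders for this example, not indicators from the article.
SAMPLE_AGENTS = [
    ("com.apple.example.plist",
     _plist(Label="com.apple.example", ProgramArguments=["/usr/bin/true"])),
    ("MyHelper.plist",
     _plist(Label="MyHelper", Program="/Applications/Helper.app/Contents/MacOS/helper")),
    ("kdq8xgtz2p.plist",
     _plist(Label="kdq8xgtz2p", RunAtLoad=True,
            ProgramArguments=["/Users/user/.hidden/kdq8xgtz2p", "-r"])),
]


if __name__ == "__main__":
    # Real folder on a Mac; the constructed sample elsewhere.
    entries = load_agents(os.path.expanduser("~/Library/LaunchAgents")) or SAMPLE_AGENTS
    for name, program in triage_agents(entries):
        print(f"review: {name} -> {program}")
```

Anything the script flags should be checked by hand (who installed it, whether the program path is a known application) before the plist is removed; a short, dot-free but legitimate name will occasionally be reported.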

Cybercriminals now see macOS as an attractive target.

“While there might be a gap between Windows and MacOS malware, the gap is slowly closing over time. The truth is that MacOS malware is becoming bigger and more dangerous” - Yaniv Balmas

The researcher believes that more malware families will adapt and add macOS to the list of supported operating systems.


