XLoader malware steals accounts from macOS and Windows systems


An information-stealing malware that originally targeted Windows has been reworked into a new strain, called XLoader, that also targets macOS systems.

XLoader is currently being sold on an underground forum as a botnet loader service that, according to its advertisement, can "take" passwords from web browsers and some email clients.

XLoader was advertised as a multi-platform (Windows and macOS) botnet with no dependencies when it launched last February, and it has been growing in popularity since.

Its most important functions are stealing login credentials, taking screenshots, logging keystrokes, and executing additional malicious files.

A customer can rent the macOS version of the malware for $49 per month, which includes access to a command-and-control server provided by the vendor.

The Windows version is more expensive: the seller asks $59 for a one-month license and $129 for three months.

XLoader's makers also provide a Java binder free of charge, which lets customers build a standalone JAR file that bundles the Mach-O and EXE binaries used on macOS and Windows respectively. Running such a JAR requires a Java runtime on the victim's machine, which macOS has not shipped by default for years, so a macOS victim has to have installed Java themselves.

Check Point researchers say they have seen XLoader requests from 69 countries, indicating a significant spread across the globe, with more than half of the victims in the United States. They also note that XLoader is stealthy enough that a regular, non-technical user is unlikely to spot it.

Check Point researchers recommend checking the autorun entries for your own user account: look in the per-user LaunchAgents folder (/Users/[username]/Library/LaunchAgents) and delete any entries with suspicious, random-looking filenames.
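As an added example, not part of the Check Point report or of this article, the following POSIX shell script performs the LaunchAgents check described above: it flags plist files whose names look random rather than following the usual reverse-DNS style, and prints the program each flagged agent would launch. The sample folder it builds is constructed for the demo, its filenames and paths are made up, and the "random-looking name" test is a heuristic chosen for this example, not a Check Point indicator.

```shell
#!/bin/sh
# Added example, not Check Point's tooling: first-pass triage of the
# LaunchAgents folder named in the article. The "random-looking name"
# test is a heuristic (an assumption of this example); review every hit.

# Print the *.plist files in DIR whose label (file name minus .plist)
# does not look like an ordinary reverse-DNS identifier. A label is
# flagged when it has no dot at all ("zkq9dh2f.plist") or when any
# dot-separated component of 8+ characters mixes letters and digits
# ("com.x7hf29kd1.plist").
suspicious_launch_agents() {
    dir="$1"
    for f in "$dir"/*.plist; do
        [ -e "$f" ] || continue
        name=$(basename "$f" .plist)
        case "$name" in
            *.*) ;;                              # dotted: check components
            *)   echo "$name.plist"; continue ;; # no dot: flag outright
        esac
        flagged=0
        oldifs=$IFS; IFS=.
        set -- $name                             # split label on dots
        IFS=$oldifs
        for part in "$@"; do
            if [ "${#part}" -ge 8 ] \
               && printf '%s' "$part" | grep -q '[A-Za-z]' \
               && printf '%s' "$part" | grep -q '[0-9]'; then
                flagged=1
            fi
        done
        if [ "$flagged" -eq 1 ]; then echo "$name.plist"; fi
    done
}

# Print the first ProgramArguments entry of an XML plist, i.e. the
# program the agent launches. Binary plists must be converted first
# (on macOS: plutil -convert xml1 FILE).
launch_agent_program() {
    awk '/<key>ProgramArguments<\/key>/ { inargs = 1 }
         inargs && /<string>/ {
             sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit
         }' "$1"
}

# Constructed sample folder standing in for ~/Library/LaunchAgents:
# two ordinary labels and two random-looking ones. Not real artifacts.
make_sample_launch_agents() {
    dir=$(mktemp -d)
    for label in com.apple.Safari com.google.keystone.agent zkq9dh2f com.x7hf29kd1; do
        cat > "$dir/$label.plist" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>$label</string>
  <key>ProgramArguments</key>
  <array><string>/Users/victim/.$label/runner</string></array>
  <key>RunAtLoad</key><true/>
</dict>
</plist>
EOF
    done
    echo "$dir"
}

# For each flagged agent, show what it would execute.
triage_launch_agents() {
    dir="$1"
    suspicious_launch_agents "$dir" | while read -r name; do
        printf '%s -> %s\n' "$name" "$(launch_agent_program "$dir/$name")"
    done
}

# Demo on the constructed sample. On a real Mac run:
#   triage_launch_agents "$HOME/Library/LaunchAgents"
sample=$(make_sample_launch_agents)
triage_launch_agents "$sample"
rm -rf "$sample"
```

On a real machine, point triage_launch_agents at $HOME/Library/LaunchAgents. Expect false positives: some legitimate vendors put hashes or version strings in their labels, so confirm the program path before deleting anything. Also, deleting the plist does not stop an agent that is already running; unload it first (launchctl bootout gui/$(id -u) /path/to/the.plist on current macOS), then remove both the plist and the binary it points to.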

Cybercriminals now see macOS as an attractive target.

“While there might be a gap between Windows and MacOS malware, the gap is slowly closing over time. The truth is that MacOS malware is becoming bigger and more dangerous” - Yaniv Balmas

The researcher expects more malware families to follow suit and add macOS to the list of operating systems they support.
