XLoader is $49 malware for data theft from Mac devices




Photo: Justin Sullivan (Getty Images)

A troubling element of modern cybercrime is how easy it is to get hold of powerful and invasive tools, the kind that can wreak havoc on an unsuspecting victim’s computer.

Today’s malware economy resembles a subscription model, allowing developers to license their nefarious products to any paying dark web customer. In most cases, these clients don’t even need much expertise, because most of the tools’ functionality is automated.

A perfect example comes from researchers at the security company Check Point, who recently spotted such a product circulating on the web: an accessible and inexpensive program called “XLoader”, which can be used to hack and steal information from Windows and macOS devices.

In a report published Wednesday, Check Point shows how XLoader is being sold for as low as $49 on a popular dark web forum. There, criminals can “rent” it from a developer to carry out attacks. Buyers, however, only have access to the malware for a limited time and must carry out attacks from a server controlled by the seller: for example, it costs $99 for a three-month subscription to XLoader customized to infiltrate macOS devices. The Windows version, on the other hand, is more expensive, at $129 for a three-month subscription.

The malware, which is an outgrowth of an older and popular malware called “Formbook,” has been deployed in countries around the world, with a majority of victims residing in the United States, the researchers said.

As you can see in an old image of Formbook’s pricing structure, accessing these kinds of stealth hacking weapons isn’t all that different than getting a monthly subscription to Amazon Prime:

Screenshot: Check Point Research

Much like its predecessor, XLoader has all kinds of invasive capabilities, allowing an intruder to log your keystrokes, collect login credentials, capture screenshots of your desktop, and also download and deploy other types of malicious files on the target device. Other features include sniffing network traffic and clipboard monitoring. XLoader’s credential collection feature works for “nearly a hundred applications, including browsers, email, FTP and email clients,” the researchers write.

Most often, the malware is spread through typical phishing schemes that use spoofed emails. These emails come loaded with malware-laden Microsoft Office documents which, if downloaded, will inject the program into your computer.

“I think macOS users mistakenly think Apple platforms are more secure than other more widely used platforms,” said Yaniv Balmas, head of cyber research for Check Point. “While there may be a gap between Windows and macOS malware, the gap is slowly narrowing over time. The truth is, macOS malware is getting bigger and more dangerous. Our recent discoveries are a perfect example and confirm this growing trend.”

While it’s not particularly fun to imagine what kind of creeps would want to use XLoader, Check Point does provide some basic recommendations to avoid this mess: don’t go digging into unprotected websites, watch for weird behaviors on your device, and as always, send that suspicious email from an unknown sender straight to the trash. The company also recommends running an Autorun function on your device to look for suspicious file names in the LaunchAgents folder, a place where traces of potential compromise might be visible.
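
The LaunchAgents check recommended above can be scripted. This is an added example, not code from Check Point or from the original article. The three triage heuristics (label and file name mismatch, executable under a hidden path, executable in a world-writable location) and the sample plists are assumptions constructed for illustration, not indicators from the report.

```python
import plistlib
import tempfile
from pathlib import Path, PurePosixPath

# Assumed triage heuristics for this example; they are not IoCs from the report.
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/Users/Shared/")

def review_launch_agents(folder):
    """Map each plist in `folder` that deserves a manual look to its reasons."""
    findings = {}
    for plist in sorted(Path(folder).glob("*.plist")):
        try:
            with open(plist, "rb") as fh:
                data = plistlib.load(fh)
            args = data.get("ProgramArguments") or []
            exe = str(data.get("Program") or (args[0] if args else ""))
            label = data.get("Label")
        except Exception:  # corrupt or non-dictionary plist
            findings[plist.name] = ["unparseable plist"]
            continue
        reasons = []
        if label != plist.stem:
            reasons.append("label does not match file name")
        if not exe:
            reasons.append("no executable declared")
        elif any(p.startswith(".") for p in PurePosixPath(exe).parts):
            reasons.append("executable under a hidden path")
        elif exe.startswith(WRITABLE_PREFIXES):
            reasons.append("executable in a world-writable location")
        if reasons:
            findings[plist.name] = reasons
    return findings

def demo():
    """Run the review over three constructed plists in a temporary folder."""
    samples = {  # constructed sample data, not taken from any real infection
        "com.example.updater": {"Label": "com.example.updater",
                                "Program": "/Applications/Example.app/Contents/MacOS/updater"},
        "com.example.helper": {"Label": "x1", "RunAtLoad": True,
                               "ProgramArguments": ["/Users/alice/.cache7/helper"]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(Path(tmp, name + ".plist"), "wb") as fh:
                plistlib.dump(body, fh)
        Path(tmp, "broken.plist").write_bytes(b"not a plist")
        return review_launch_agents(tmp)

if __name__ == "__main__":
    target = Path.home() / "Library" / "LaunchAgents"
    for name, reasons in review_launch_agents(target).items():
        print(name, "->", "; ".join(reasons))
```

A flagged entry is a prompt for manual review, not proof of compromise; legitimate software sometimes trips these checks.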
