XLoader Windows InfoStealer Malware now upgraded to attack macOS systems




Cybersecurity researchers on Wednesday unveiled details of evolving malware that has now been upgraded to steal sensitive information from Apple’s macOS operating system.

The malware, dubbed “XLoader”, is the successor to another well-known Windows information stealer called Formbook, which is known to siphon credentials from various web browsers, capture screenshots, record keystrokes, and download and execute files from attacker-controlled domains.


“For as little as $49 on the Darknet, hackers can purchase licenses for the new malware, which can harvest login credentials, collect screenshots, log keystrokes, and run malicious files,” cybersecurity firm Check Point said in a report shared with Hacker News.

Distributed via spoofed emails containing malicious Microsoft Office documents, XLoader is estimated to have infected victims in 69 countries between December 1, 2020 and June 1, 2021, with 53% of infections reported in the United States alone, followed by China’s special administrative regions (SAR), Mexico, Germany and France.

While the very first samples of Formbook were detected in the wild in January 2016, the sale of the malware on underground forums stopped in October 2017, only to be resurrected more than two years later in the form of XLoader in February 2020. In October 2020, the latter was advertised for sale on the same forum that was used to sell Formbook, Check Point said. Formbook and its derivative XLoader are both said to share the same codebase.


According to statistics released by Check Point earlier in January, Formbook was the third most common malware family in December 2020, affecting 4% of organizations worldwide. It should be noted that the recently discovered XLoader malware for PC and Mac is not the same as XLoader for Android, which was first detected in April 2019.


“[XLoader] is much more mature and sophisticated than its predecessors, supporting different operating systems, especially macOS computers,” said Yaniv Balmas, Head of Cyber Research at Check Point. “Historically, macOS malware was not that common. They generally fall under the category of ‘spyware’, not causing too much damage.”

“While there may be a gap between Windows and macOS malware, the gap is slowly narrowing over time. The truth is that macOS malware is getting bigger and bigger and more dangerous,” noted Balmas, adding that the results “are a perfect example and confirm this growing trend.”


