XLoader is an evolved, more powerful version of the Formbook malware. It has now migrated to macOS as well, and is more dangerous than before. It lets an attacker log keystrokes, take screenshots, and access other private information.
It is already quite popular on dark web stores, according to reports by Check Point Research (CPR), which shows that governments' idea of cybercrime, as well as our own, is far too narrow, and that we should be more aware of it.
What is even more worrying is that this malware is sold for very low prices, as low as $50 per month. Yes, per month: this malware has also adopted the subscription model now used for software. It is just like subscribing to Adobe Creative Cloud; we pay the developer for as long as we wish to use their service.
Formbook primarily targeted Windows users but disappeared from sale in 2018. Formbook was rebranded as XLoader in 2020.
This poses a significant potential threat to all Mac users. In 2018, Apple estimated that over 100 million macOS devices were in use. Check Point Research tracked XLoader activity between December 1, 2020 and June 1, 2021, and saw XLoader requests from as many as 69 countries. Over half (53%) of the victims reside in the United States.
XLoader is stealthy, meaning it is hard to tell when a Mac is infected with it, but the company does provide one method of checking:
1. Go to the /Users/[username]/Library/LaunchAgents directory
2. Check for suspicious filenames in this directory (the example below is a random-looking name):
/Users/user/Library/LaunchAgents/com.wznlVRt83Jsd.HPyT0b4Hwxh.plist
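The check above can be scripted so it is repeatable. The following POSIX shell script is an added example written for this article; it is not code from Check Point's report. It walks a LaunchAgents directory and flags plist names whose label components look machine-generated. The heuristic it uses (a component of at least eight characters that mixes upper-case, lower-case and digits, as in the random name quoted above) is an assumption of this example, not a published XLoader indicator, so a hit is a prompt to inspect the file, not proof of infection.

```shell
#!/bin/sh
# Added example (not from the Check Point report): flag LaunchAgents plist
# names that look randomly generated, as in com.wznlVRt83Jsd.HPyT0b4Hwxh.plist.
# Usage: sh scan_launchagents.sh [directory]   (default: ~/Library/LaunchAgents)

# is_suspicious_label FILENAME
# Returns 0 (true) if any dot-separated component of the label, after
# stripping ".plist", is >= 8 chars and mixes upper, lower and digits.
# This mixed-case-plus-digits rule is an assumption made for this example.
is_suspicious_label() {
    name=${1%.plist}
    old_ifs=$IFS
    IFS=.
    set -- $name            # split the label on dots into $1, $2, ...
    IFS=$old_ifs
    for part in "$@"; do
        case $part in *[[:upper:]]*) ;; *) continue ;; esac
        case $part in *[[:lower:]]*) ;; *) continue ;; esac
        case $part in *[[:digit:]]*) ;; *) continue ;; esac
        if [ "${#part}" -ge 8 ]; then
            return 0
        fi
    done
    return 1
}

# scan_launch_agents [DIR]
# Prints one "SUSPICIOUS: <path>" line per flagged plist. On macOS, where
# plutil exists, it also dumps the plist so the launched program is visible.
scan_launch_agents() {
    dir=${1:-"$HOME/Library/LaunchAgents"}
    for f in "$dir"/*.plist; do
        [ -e "$f" ] || continue     # no plists at all: the glob did not expand
        base=${f##*/}
        if is_suspicious_label "$base"; then
            echo "SUSPICIOUS: $f"
            if command -v plutil >/dev/null 2>&1; then
                plutil -p "$f" 2>/dev/null | sed 's/^/    /'
            fi
        fi
    done
    return 0
}

scan_launch_agents "${1:-}"
```

Legitimate labels such as com.apple.Safari or com.google.keystone.agent are not flagged because their components lack digits or upper-case letters; a flagged file should be opened and its ProgramArguments checked against software you actually installed. The same function can be pointed at /Library/LaunchAgents or /Library/LaunchDaemons by passing the directory as an argument.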
Only we can protect our devices from XLoader being installed, as it is mainly spread through phishing methods such as spoofed emails. Those emails usually carry malware-laden MS Office documents which, if downloaded and opened, infect the device. We should be careful about what we download onto our devices and send such spoofed emails straight to the junk folder.
“Historically, macOS malware hasn’t been that common. They usually fall into the category of ‘spyware’, not causing too much damage. I think there is a common incorrect belief with macOS users that Apple platforms are more secure than other more widely used platforms,” said Yaniv Balmas, head of cyber research at Check Point Software. “While there might be a gap between Windows and macOS malware, the gap is slowly closing over time. The truth is that macOS malware is becoming bigger and more dangerous. Our recent findings are a perfect example and confirm this growing trend.”