Threat analysts have spotted a new version of the XLoader botnet malware that uses probability theory to hide its command and control servers, making it difficult to disrupt the malware's operation.
This helps the malware operators continue using the same infrastructure without the risk of losing nodes due to blocks on identified IP addresses while also reducing the chances of being tracked and identified.
XLoader is an information-stealer that was originally based on Formbook, targeting Windows and macOS operating systems. It first entered widespread deployment in January 2021.
Researchers at Check Point, who have been following the evolution of the malware, have sampled and analyzed the more recent XLoader versions 2.5 and 2.6 and spotted some critical differences compared to previous versions.