- Aug 17, 2014
Cybersecurity researchers on Wednesday disclosed details of an evolving malware that has now been upgraded to steal sensitive information from Apple's macOS operating system.
The malware, dubbed "XLoader," is a successor to another well-known Windows-based info stealer called Formbook that's known to vacuum credentials from various web browsers, collect screenshots, log keystrokes, and download and execute files from attacker-controlled domains.
"For as low as $49 on the Darknet, hackers can buy licenses for the new malware, enabling capabilities to harvest log-in credentials, collect screenshots, log keystrokes, and execute malicious files," cybersecurity firm Check Point said in a report shared with The Hacker News.
Distributed via spoofed emails containing malicious Microsoft Office documents, XLoader is estimated to infected victims spanning across 69 countries between December 1, 2020, and June 1, 2021, with 53% of the infections reported in the U.S. alone, followed by China's special administrative regions (SAR), Mexico, Germany, and France.
"[XLoader] is far more mature and sophisticated than its predecessors, supporting different operating systems, specifically macOS computers," said Yaniv Balmas, head of cyber research at Check Point. "Historically, macOS malware hasn't been that common. They usually fall into the category of 'spyware', not causing too much damage."
"While there might be a gap between Windows and MacOS malware, the gap is slowly closing over time. The truth is that macOS malware is becoming bigger and more dangerous," Balmas noted, adding the findings "are a perfect example and confirm this growing trend."