Virulent Windows 'XLoader' malware is now on macOS

A particularly powerful malware tool called XLoader has been ported to the Mac, and users can be tricked into giving it access to passwords, clipboard, and allowing it to take screenshots.
Malware on Mac is still a small-scale threat compared to Windows, but it is growing, and there have even been Apple Silicon versions. Now the infamous XLoader malware for Windows has been detected on Macs.

"While there might be a gap between Windows and MacOS malware, the gap is slowly closing over time. The truth is that MacOS malware is becoming bigger and more dangerous," Yaniv Balmas of Check Point Security, which discovered the macOS version, told Bleeping Computer.

Check Point Security has previously discovered security issues ranging from Apple's Contacts app to Amazon's Alexa. It now says that, counting Windows and Mac together, XLoader was the fourth most-used malware tool in the year up to June 1, 2021.

Originally known as Formbook, XLoader has changed over the past few years to become not only cross-platform, but also what Check Point calls "malware as a service." Bad actors can effectively rent the malware, starting at $49 for a month, so long as they also pay an unspecified further fee to use particular servers belonging to the company behind XLoader.

What that bad actor gets is access to a user's Mac. However, XLoader can't be installed or run on a Mac without explicit permission from that user, so the malware itself is typically paired with social engineering designed to trick users into allowing XLoader to run.

"One of the most exciting things about the new malware [variant] was its ability to operate in the macOS," said Check Point Security in a report. "With approximately 200 million users operating macOS in 2018 (as reported by Apple), this is definitely a promising new market for the malware to enter."


Comments

  • Reply 1 of 6
    neilm (Posts: 987, member)
    This article is pretty much devoid of useful content. It could be summed up in a few words as “There’s some bad stuff out there.”

    How is XLoader spread? What’s the specific attack vector? How do you test for its presence? How do you eliminate it? Can any of the usual tools, such as MalwareBytes, deal with it? And why did AI bother to post this article?
  • Reply 2 of 6
    lkrupp (Posts: 10,557, member)
    "... and users can be tricked into giving it access to passwords, clipboard, and allowing it to take screenshots."

    So which users are being tricked into installing this malware? Only the stupid ones or every Mac user on the planet? Why can’t the U.S. Cyber Command shut down “particular servers belonging to the company behind XLoader”? Are hackers now referred to as ‘companies’? Will XLoader be listed on the NYSE next?

    I’m being sarcastic, of course, but we never, EVER, hear actual numbers from security researchers of how many are being compromised. Will AppleInsider be starting a web page for users to report, “Yeah, I got nailed by XLoader”?

    I get phone calls almost every day from the IRS telling me my SSA check has been canceled, the IRS telling me there’s a warrant out for my arrest, the U.S. Marshals’ office telling me I’m involved in criminal activity, and Amazon telling me there’s a $900 order on my account I need to verify. I just chuckle and hang up. Same goes for any email or text I get claiming I need to resolve some issue or lose money.

    Yes, when you reach a certain age the bad guys beat a path to your door trying to trick you into giving them money, data, or both.

  • Reply 3 of 6
    gatorguy (Posts: 24,213, member)
    lkrupp said:
    "... and users can be tricked into giving it access to passwords, clipboard, and allowing it to take screenshots."

    So which users are being tricked into installing this malware? Only the stupid ones or every Mac user on the planet? Why can’t the U.S. Cyber Command shut down “particular servers belonging to the company behind XLoader”? Are hackers now referred to as ‘companies’? Will XLoader be listed on the NYSE next?

    I’m being sarcastic, of course, but we never, EVER, hear actual numbers from security researchers of how many are being compromised. Will AppleInsider be starting a web page for users to report, “Yeah, I got nailed by XLoader”?

    I get phone calls almost every day from the IRS telling me my SSA check has been canceled, the IRS telling me there’s a warrant out for my arrest, the U.S. Marshals’ office telling me I’m involved in criminal activity, and Amazon telling me there’s a $900 order on my account I need to verify. I just chuckle and hang up. Same goes for any email or text I get claiming I need to resolve some issue or lose money.

    Yes, when you reach a certain age the bad guys beat a path to your door trying to trick you into giving them money, data, or both.


    There's a LOT more detail on this in the report cited by the AppleInsider editor. Watch your blue highlight links.
    https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/
  • Reply 4 of 6
    jdb8167 (Posts: 626, member)
    gatorguy said:
    lkrupp said:
    "... and users can be tricked into giving it access to passwords, clipboard, and allowing it to take screenshots."

    So which users are being tricked into installing this malware? Only the stupid ones or every Mac user on the planet? Why can’t the U.S. Cyber Command shut down “particular servers belonging to the company behind XLoader”? Are hackers now referred to as ‘companies’? Will XLoader be listed on the NYSE next?

    I’m being sarcastic, of course, but we never, EVER, hear actual numbers from security researchers of how many are being compromised. Will AppleInsider be starting a web page for users to report, “Yeah, I got nailed by XLoader”?

    I get phone calls almost every day from the IRS telling me my SSA check has been canceled, the IRS telling me there’s a warrant out for my arrest, the U.S. Marshals’ office telling me I’m involved in criminal activity, and Amazon telling me there’s a $900 order on my account I need to verify. I just chuckle and hang up. Same goes for any email or text I get claiming I need to resolve some issue or lose money.

    Yes, when you reach a certain age the bad guys beat a path to your door trying to trick you into giving them money, data, or both.


    There's a LOT more detail on this in the report cited by the AppleInsider editor. Watch your blue highlight links.
    https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/
    I missed where that article gives any actionable information. I did find this: "In the upcoming articles we share the technical details of the malware’s macOS version which reveal how XLoader operates under the hood..." I didn't find anything about how it propagates or how it gets around standard OS and browser protections. Others are claiming that it is being sent in email campaigns. This article implies it spreads via email but doesn't give any details except that the criminal that created this trojan didn't want it used that way. Pretty bizarre.

    Until details emerge I'm going to assume this is no more of a threat than the 100s of other trojans that people unwittingly install when they download porn or pirated software.
  • Reply 5 of 6
    MicDorsey (Posts: 100, member)
    Hmm, who is sounding the alarm on this? Oh, it's Check Point Security.

    Would they have any incentive to spread fear among the masses?
  • Reply 6 of 6
    dysamoria (Posts: 3,430, member)
    lkrupp said:
    "... and users can be tricked into giving it access to passwords, clipboard, and allowing it to take screenshots."

    So which users are being tricked into installing this malware? Only the stupid ones or every Mac user on the planet? Why can’t the U.S. Cyber Command shut down “particular servers belonging to the company behind XLoader”? Are hackers now referred to as ‘companies’? Will XLoader be listed on the NYSE next?

    I’m being sarcastic, of course, but we never, EVER, hear actual numbers from security researchers of how many are being compromised. Will AppleInsider be starting a web page for users to report, “Yeah, I got nailed by XLoader”?

    I get phone calls almost every day from the IRS telling me my SSA check has been canceled, the IRS telling me there’s a warrant out for my arrest, the U.S. Marshals’ office telling me I’m involved in criminal activity, and Amazon telling me there’s a $900 order on my account I need to verify. I just chuckle and hang up. Same goes for any email or text I get claiming I need to resolve some issue or lose money.

    Yes, when you reach a certain age the bad guys beat a path to your door trying to trick you into giving them money, data, or both.
    It’s not a certain age. It’s everyone. The only age that matters is the age of the contact method. The older it is, the longer it’s been in the wild and the more apt it is to be targeted by scams and advertising.