Virulent Windows 'XLoader' malware is now on macOS

Posted:
in macOS
A particularly powerful malware tool called XLoader has been ported to the Mac, and users can be tricked into giving it access to passwords, clipboard, and allowing it to take screenshots.




Malware on Mac is still a small-scale threat compared to Windows, but it is growing, and there have even been Apple Silicon versions. Now the infamous XLoader malware for Windows has been detected on Macs.

"While there might be a gap between Windows and MacOS malware, the gap is slowly closing over time. The truth is that MacOS malware is becoming bigger and more dangerous," said Yaniv Balmas of Check Point Security, which discovered the macOS version, told Bleeping Computer.

Check Point Security has previously discovered security issues ranging from Apple's Contacts app to Amazon's Alexa. It says now that, combining Windows and Mac, XLoader is the fourth most-used malware tool in the year up to June 1, 2021.

Originally known as Formbook, XLoader has changed over the past few years to become not only cross-platform, but also what Check Point calls "malware as a service." Bad actors can effectively rent the malware, starting at $49 for a month, so long as they also pay an unspecified further fee to use particular servers belonging to the company behind XLoader.

What that bad actor can get is access to a user's Mac. However, XLoader can't be added or run on a Mac without explicit permission from that user. So the technical malware is typically run alongside social manipulation, designed to trick users into allowing XLoader to run.

"One of the most exciting things about the new malware [variant] was its ability to operate in the macOS," said Check Point Security in a report. "With approximately 200 million users operating macOS in 2018 (as reported by Apple), this is definitely a promising new market for the malware to enter."

Read on AppleInsider

Comments

  • Reply 1 of 6
    neilmneilm Posts: 899member
    This article is pretty much devoid of useful content. It could be summed up in a few words as “There’s some bad stuff out there.”

    How is XLoader spread? What’s the specific attack vector? How do you test for its presence? How do you eliminate it? Can any of the usual tools, such as MalwareBytes, deal with it? And why did AI bother to post this article?
    seanjbaconstangrs0212steven n.ravnorodommacplusplusdysamoriawatto_cobra
  • Reply 2 of 6
    lkrupplkrupp Posts: 9,449member
    " and users can be tricked into giving it access to passwords, clipboard, and allowing it to take screenshots.

    So which users are being tricked into installing this malware? Only the stupid ones or every Mac user on the planet? Why can’t the U.S. Cyber Command shut down "particular servers belonging to the company behind XLoader”? Are hackers now referred to as ‘companies’? Will XLoader be listed on the NYSE next?

    I’m being sarcastic, of course, but we never , EVER, hear actual numbers from security researchers of how many are being compromised. Will AppleInsider be starting a web page for users to report, “Yeah, I got nailed by XLoader”?

    I get phone calls almost every day from the IRS telling me my SSA check has been canceled, the IRS telling me there’s a warrant out for my arrest, the U.S. Marshals’s office telling me I’m involved in criminal activity, and Amazon telling me there’s a $900 order on my account I need to verify. I just chuckle and hang up. Same goes for any email or text I get claiming I need to resolve some issue or lose money.

    Yes, when you reach a certain age the bad guys beat a path to your door trying to trick you into giving them money, data, or both.


    baconstangzeus423macplusplusdysamoriawatto_cobrajony0
  • Reply 3 of 6
    gatorguygatorguy Posts: 23,162member
    lkrupp said:
    " and users can be tricked into giving it access to passwords, clipboard, and allowing it to take screenshots.

    So which users are being tricked into installing this malware? Only the stupid ones or every Mac user on the planet? Why can’t the U.S. Cyber Command shut down "particular servers belonging to the company behind XLoader”? Are hackers now referred to as ‘companies’? Will XLoader be listed on the NYSE next?

    I’m being sarcastic, of course, but we never , EVER, hear actual numbers from security researchers of how many are being compromised. Will AppleInsider be starting a web page for users to report, “Yeah, I got nailed by XLoader”?

    I get phone calls almost every day from the IRS telling me my SSA check has been canceled, the IRS telling me there’s a warrant out for my arrest, the U.S. Marshals’s office telling me I’m involved in criminal activity, and Amazon telling me there’s a $900 order on my account I need to verify. I just chuckle and hang up. Same goes for any email or text I get claiming I need to resolve some issue or lose money.

    Yes, when you reach a certain age the bad guys beat a path to your door trying to trick you into giving them money, data, or both.


    There's a LOT more detail on this in the report cited by the Appleinsider editor. Watch your blue highlight links. 
    https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/
    jony0
  • Reply 4 of 6
    jdb8167jdb8167 Posts: 619member
    gatorguy said:
    lkrupp said:
    " and users can be tricked into giving it access to passwords, clipboard, and allowing it to take screenshots.

    So which users are being tricked into installing this malware? Only the stupid ones or every Mac user on the planet? Why can’t the U.S. Cyber Command shut down "particular servers belonging to the company behind XLoader”? Are hackers now referred to as ‘companies’? Will XLoader be listed on the NYSE next?

    I’m being sarcastic, of course, but we never , EVER, hear actual numbers from security researchers of how many are being compromised. Will AppleInsider be starting a web page for users to report, “Yeah, I got nailed by XLoader”?

    I get phone calls almost every day from the IRS telling me my SSA check has been canceled, the IRS telling me there’s a warrant out for my arrest, the U.S. Marshals’s office telling me I’m involved in criminal activity, and Amazon telling me there’s a $900 order on my account I need to verify. I just chuckle and hang up. Same goes for any email or text I get claiming I need to resolve some issue or lose money.

    Yes, when you reach a certain age the bad guys beat a path to your door trying to trick you into giving them money, data, or both.


    There's a LOT more detail on this in the report cited by the Appleinsider editor. Watch your blue highlight links. 
    https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/
    I missed where that article gives any actionable information. I did find this: "In the upcoming articles we share the technical details of the malware’s macOS version which reveal how XLoader operates under the hood..." I didn't find anything about how it propagates or how it gets around standard OS and browser protections. Others are claiming that it is being sent in email campaigns. This article implies it spreads via email but doesn't give any details except that the criminal that created this trojan didn't want it used that way. Pretty bizarre.

    Until details emerge I'm going to assume this is no more of a threat than the 100s of other trojans that people unwittingly install when they download porn or pirated software.
    ravnorodommacplusplusdysamoriawatto_cobrajony0
  • Reply 5 of 6
    Hmm, who is sounding the alarm on this? Oh, it's Check Point Security.

    Would they have any incentive to spread fear among the masses?
    williamlondonwatto_cobra
  • Reply 6 of 6
    dysamoriadysamoria Posts: 3,429member
    lkrupp said:
    " and users can be tricked into giving it access to passwords, clipboard, and allowing it to take screenshots.

    So which users are being tricked into installing this malware? Only the stupid ones or every Mac user on the planet? Why can’t the U.S. Cyber Command shut down "particular servers belonging to the company behind XLoader”? Are hackers now referred to as ‘companies’? Will XLoader be listed on the NYSE next?

    I’m being sarcastic, of course, but we never , EVER, hear actual numbers from security researchers of how many are being compromised. Will AppleInsider be starting a web page for users to report, “Yeah, I got nailed by XLoader”?

    I get phone calls almost every day from the IRS telling me my SSA check has been canceled, the IRS telling me there’s a warrant out for my arrest, the U.S. Marshals’s office telling me I’m involved in criminal activity, and Amazon telling me there’s a $900 order on my account I need to verify. I just chuckle and hang up. Same goes for any email or text I get claiming I need to resolve some issue or lose money.

    Yes, when you reach a certain age the bad guys beat a path to your door trying to trick you into giving them money, data, or both.
    It’s not a certain age. It’s everyone. The only age that matters is the age of the contact method. The older it is, the longer it’s been in the wild and the more apt it is to be targeted by scams and advertising.
Sign In or Register to comment.