A new version of Xagent, malware reportedly created by Russian hacking group APT28, has been discovered, and this version targets Mac users.

As outlined in a blog post by antivirus company Bitdefender (via Ars Technica), Xagent has previously been used to infiltrate Windows, iOS, Android, and Linux devices, but now Macs are vulnerable to attack as well. This is the first version of Xagent that's believed to be able to infiltrate Macs.

macbook pros 2015
The Mac version of Xagent is described as a backdoor that can be customized to do things like log passwords, detect system configurations, execute files, take screenshots of the display, and access iOS backups stored on the Mac.

The sample we are discussing today has been linked to the Mac OSX version of Xagent component from Sofacy/APT28/Sednit APT. This modular backdoor with advanced cyber-espionage capabilities is most likely planted on the system via the Komplex downloader.

Once successfully installed, the backdoor checks if a debugger is attached to the process. If it detects one, it terminates itself to prevent execution. Otherwise, it waits for an Internet connection before initiating communication with the C&C servers.

After the communication has been established, the payload starts the modules. Our preliminary analysis shows most of the C&C URLs impersonate Apple domains.

APT28 is the cyberespionage group that has been accused of hacking into the U.S. Democratic National Committee last year and interfering with the 2016 presidential election.

Bitdefender isn't entirely sure how the Mac version of Xagent is being distributed to users, but it could be spread via a macOS malware downloader called Komplex, which exploits a vulnerability in the virus-like MacKeeper software. Research on the malware is ongoing.

Mac users concerned about Xagent should avoid downloading anything that doesn't come from the Mac App Store or a well-known developer.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

bluespark Avatar
bluespark
115 months ago
A malware discussion is political? Everyone should be able to comment on this.
Score: 19 Votes (Like | Disagree)
manu chao Avatar
manu chao
115 months ago
Maybe it is time that MacKeeper is classified as malware by anti-malware applications ...
Score: 12 Votes (Like | Disagree)
keysofanxiety Avatar
keysofanxiety
115 months ago
Maybe it is time that MacKeeper is classified as malware by anti-malware applications ...
It is. MalwareBytes deletes it.
Score: 5 Votes (Like | Disagree)
John.B Avatar
John.B
115 months ago
Mac users concerned about Xagent should avoid downloading anything that doesn't come from the Mac App Store or a well-known developer.
The attack vector is based on a vulnerability in Mackeeper.

Keep that off your Mac and you'll be fine.
Score: 5 Votes (Like | Disagree)
Kajje Avatar
Kajje
115 months ago
Installation of that Mackeeper pest should be blocked on firmware level.
Score: 2 Votes (Like | Disagree)
997440 Avatar
997440
115 months ago
More information on this issue from @thomasareed. He's unable to post here because he has less than 100 posts.

He wanted to let us "know that this new "XAgent" variant of Komplex has absolutely no relation to a MacKeeper exploit. The writer has conflated this variant with one specific older variant from 2015. As much as I'd like to be able to blame MacKeeper, that vulnerability was closed in 2015, and there's no indication whatsoever that MacKeeper is in any way involved with the "XAgent" variant."





(Mr. Reed works for Malwarebytes and codes Malwarebytes Anti-Malware for Mac. Prior to this he developed Adware Medic and wrote extensively about security matters, and other Mac matters, at thesafemac((dot))com.)
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

streaming black friday 2025

Black Friday Streaming Deals Include Big Savings on Disney+, Hulu, Apple TV, and More

Monday November 24, 2025 8:03 am PST by
We've been focusing on deals on physical products over the past few weeks, but Black Friday is also a great time of year to purchase a streaming membership. Some of the biggest services have great discounts for new and select returning members this week, including Disney+, Hulu, Paramount+, Peacock, and more. Note: MacRumors is an affiliate partner with some of these vendors. When you click a...
Read Full Article27 comments
iOS 26 on Three iPhones

iOS 27 Will Reportedly Have Two Key Upgrades

Sunday November 23, 2025 8:48 am PST by
iOS 27 will reportedly have two major elements: quality improvements and new AI features. In his Power On newsletter today, Bloomberg's Mark Gurman said that iOS 27 will be similar to Mac OS X Snow Leopard, in the sense that Apple is focused on improving "quality and underlying performance" over adding new features. Gurman said there is one exception to this rule, though, as he expects...
Read Full Article176 comments
General Black Friday Deals 25 Red

Apple Black Friday Deals Available Now on AirPods, iPads, Accessories, and More

Friday November 21, 2025 8:48 am PST by
We're only a few days away from Black Friday, which will take place on Friday, November 28 in 2025. As always, this will be the best time of the year to shop for great deals, including popular Apple products like AirPods, iPad, Apple Watch, and more. In this article, the majority of the discounts will be found on Amazon. Note: MacRumors is an affiliate partner with some of these vendors. When...
Read Full Article4 comments
iOS 26

iOS 26.2 Adds These New Features to Your iPhone

Thursday November 20, 2025 10:50 am PST by
iOS 26.2 is currently in beta testing. The upcoming update includes a handful of new features and changes on the iPhone, including a new Liquid Glass slider for the Lock Screen's clock, offline lyrics for Apple Music, and more. In a recent press release, Apple confirmed that iOS 26.2 will be released to all users in December, but it did not provide a specific release date. Keep reading...
Read Full Article27 comments
maxresdefault

The MacRumors Show: iPhone 18 Pro Looks Like a Huge Upgrade

Friday November 21, 2025 9:10 am PST by
On this week's episode of The MacRumors Show, we talk through all of the new features and improvements expected to come to next year's iPhone 18 Pro and iPhone 18 Pro Max models. Subscribe to The MacRumors Show YouTube channel for more videos Apple's next-generation iPhones are less than ten months away and we already have a good idea about what to expect based on corroborated leaks, rumors,...
Read Full Article49 comments
Apple Foldable Thumb

Foldable iPhone to Debut These Three Breakthrough Features

Tuesday November 25, 2025 7:09 am PST by
Apple's first foldable iPhone is expected to launch alongside the iPhone 18 Pro models in fall 2026, and it's shaping up to include three standout features that could set it apart from the competition. The book-style foldable will reportedly feature an industry-first 24-megapixel under-display camera built into the inner display, according to a recent JP Morgan equity research report. That...
Read Full Article120 comments
apple news banner

Apple News Loses CNN

Monday November 24, 2025 7:56 am PST by
American multinational news company CNN has abruptly pulled its content from Apple News, Semafor reports. CNN quietly removed its stories from Apple News over the weekend and there is no longer a feed from the network to subscribe to in the app. This effectively ends its distribution agreement with Apple while the two sides negotiate new terms. Discussions are apparently ongoing and CNN's...
Read Full Article135 comments
amazon black friday

Amazon Kicks Off Black Friday Sale With Major Discounts on Apple Accessories, TVs, and More

Sunday November 23, 2025 7:12 am PST by
Black Friday deals have begun, and Amazon is one of the best places you can find steep discounts on numerous products this week. We've already collected all of the best Apple-related deals you'll find at Amazon (and other retailers) in our Apple Black Friday Deals post, so below you'll find other discounts on devices like Anker accessories, Beats headphones, video games, TVs, and more. Note:...
Read Full Article2 comments
Apple Shopping Event 2025

Apple Announces 2025 Black Friday Event, Here's What You Can Get

Thursday November 20, 2025 6:28 am PST by
Apple's annual four-day Black Friday through Cyber Monday shopping event is returning on Friday, November 28 through Monday, December 1 in many countries, including the United States, Canada, Australia, New Zealand, France, Germany, Italy, Spain, the United Kingdom, Belgium, the Netherlands, Sweden, Thailand, and others. During the shopping event, customers can get an Apple gift card with...
Read Full Article41 comments