A new version of Xagent, malware reportedly created by Russian hacking group APT28, has been discovered, and this version targets Mac users.

As outlined in a blog post by antivirus company Bitdefender (via Ars Technica), Xagent has previously been used to infiltrate Windows, iOS, Android, and Linux devices, but now Macs are vulnerable to attack as well. This is the first version of Xagent that's believed to be able to infiltrate Macs.

macbook pros 2015
The Mac version of Xagent is described as a backdoor that can be customized to do things like log passwords, detect system configurations, execute files, take screenshots of the display, and access iOS backups stored on the Mac.

The sample we are discussing today has been linked to the Mac OSX version of Xagent component from Sofacy/APT28/Sednit APT. This modular backdoor with advanced cyber-espionage capabilities is most likely planted on the system via the Komplex downloader.

Once successfully installed, the backdoor checks if a debugger is attached to the process. If it detects one, it terminates itself to prevent execution. Otherwise, it waits for an Internet connection before initiating communication with the C&C servers.

After the communication has been established, the payload starts the modules. Our preliminary analysis shows most of the C&C URLs impersonate Apple domains.

APT28 is the cyberespionage group that has been accused of hacking into the U.S. Democratic National Committee last year and interfering with the 2016 presidential election.

Bitdefender isn't entirely sure how the Mac version of Xagent is being distributed to users, but it could be spread via a macOS malware downloader called Komplex, which exploits a vulnerability in the virus-like MacKeeper software. Research on the malware is ongoing.

Mac users concerned about Xagent should avoid downloading anything that doesn't come from the Mac App Store or a well-known developer.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

bluespark Avatar
bluespark
114 months ago
A malware discussion is political? Everyone should be able to comment on this.
Score: 19 Votes (Like | Disagree)
manu chao Avatar
manu chao
114 months ago
Maybe it is time that MacKeeper is classified as malware by anti-malware applications ...
Score: 12 Votes (Like | Disagree)
keysofanxiety Avatar
keysofanxiety
114 months ago
Maybe it is time that MacKeeper is classified as malware by anti-malware applications ...
It is. MalwareBytes deletes it.
Score: 5 Votes (Like | Disagree)
John.B Avatar
John.B
114 months ago
Mac users concerned about Xagent should avoid downloading anything that doesn't come from the Mac App Store or a well-known developer.
The attack vector is based on a vulnerability in Mackeeper.

Keep that off your Mac and you'll be fine.
Score: 5 Votes (Like | Disagree)
Kajje Avatar
Kajje
114 months ago
Installation of that Mackeeper pest should be blocked on firmware level.
Score: 2 Votes (Like | Disagree)
997440 Avatar
997440
114 months ago
More information on this issue from @thomasareed. He's unable to post here because he has less than 100 posts.

He wanted to let us "know that this new "XAgent" variant of Komplex has absolutely no relation to a MacKeeper exploit. The writer has conflated this variant with one specific older variant from 2015. As much as I'd like to be able to blame MacKeeper, that vulnerability was closed in 2015, and there's no indication whatsoever that MacKeeper is in any way involved with the "XAgent" variant."





(Mr. Reed works for Malwarebytes and codes Malwarebytes Anti-Malware for Mac. Prior to this he developed Adware Medic and wrote extensively about security matters, and other Mac matters, at thesafemac((dot))com.)
Score: 2 Votes (Like | Disagree)
Read All Comments

Popular Stories

2024 iPhone Boxes Feature

Apple Adjusts Trade-In Values for iPhones, iPads, Macs, and More

Thursday November 6, 2025 11:12 am PST by
Apple today updated its trade-in values for select iPhone, iPad, Mac, and Apple Watch models. Trade-ins can be completed on Apple's website, or at an Apple Store. The charts below provide an overview of Apple's current and previous trade-in values in the U.S., according to its website. Maximum values for most devices either decreased or saw no change, but the iPad Air received a slight bump. ...
Read Full Article71 comments
Finder Siri Feature

Apple's New Siri Will Be Powered By Google Gemini

Wednesday November 5, 2025 11:57 am PST by
The smarter, more capable version of Siri that Apple is developing will be powered by Google Gemini, reports Bloomberg. Apple will pay Google approximately $1 billion per year for a 1.2 trillion parameter artificial intelligence model that was developed by Google. For context, parameters are a measure of how a model understands and responds to queries. More parameters generally means more...
Read Full Article368 comments
Liquid Glass General Feature

Apple Shares Liquid Glass Design Gallery

Thursday November 6, 2025 2:45 pm PST by
Apple is promoting the new Liquid Glass design in iOS 26, showing off the ways that third-party developers are embracing the aesthetic in their apps. On its developer website, Apple is featuring a visual gallery that demonstrates how "teams of all sizes" are creating Liquid Glass experiences. The gallery features examples of Liquid Glass in apps for iPhone, iPad, Apple Watch, and Mac. Apple...
Read Full Article116 comments
iOS 26

iOS 26.1 Available Now With These 8 New Features

Monday November 3, 2025 5:54 am PST by
Following more than a month of beta testing, Apple released iOS 26.1 on Monday, November 3. The update includes a handful of new features and changes, including the ability to adjust the look of Liquid Glass and more. Below, we outline iOS 26.1's key new features. Liquid Glass Toggle iOS 26.1 lets you choose your preferred look for Liquid Glass. In the Settings app, under Display...
Read Full Article
airtag purple

Apple's Website Lists AirTag 4-Pack at Shockingly Low Price [Updated]

Friday November 7, 2025 6:40 am PST by
Apple's online store in the U.S. is suddenly offering a pack of four AirTags for just $29, which is the same price as a single AirTag. This is likely a pricing error, and it is unclear if orders will be fulfilled. Apple has not discounted the AirTag four-pack in any other countries that we checked. Delivery estimates are already pushing into late November to early December, suggesting...
Read Full Article94 comments
apple watch se 3 always on

Apple to Remove iPhone-Apple Watch Wi-Fi Sync in EU With iOS 26.2

Thursday November 6, 2025 4:37 am PST by
Apple in iOS 26.2 will disable automatic Wi-Fi network syncing between iPhone and Apple Watch in the European Union to comply with the bloc's regulations, suggests a new report. Normally, when an iPhone connects to a new Wi-Fi network, it automatically shares the network credentials with the paired Apple Watch. This allows the watch to connect to the same network independently – for...
Read Full Article217 comments
ikea smart home devices

IKEA Debuts 21 HomeKit-Compatible Smart Bulbs, Sensors, and Controls

Thursday November 6, 2025 4:08 pm PST by
IKEA today announced the upcoming launch of 21 new Matter-compatible smart home products that will be able to interface with HomeKit and the Apple Home app. There are sensors, lights, and control options, all of which will be reasonably priced. Some of the products are new, while some are updates to existing lines that IKEA previously offered. There are a series of new smart bulbs that are...
Read Full Article74 comments
Home Hub Command Center with Dome Base Feature

Apple's 2026 Smart Home Revamp: All the Rumors

Wednesday November 5, 2025 3:54 pm PST by
It's been over a decade since Apple's HomeKit smart home platform launched, and it is overdue for an update. HomeKit and the Home app can no longer keep up with AI-powered solutions from other companies like Google and Amazon, but that's set to change with a smart home revamp that Apple has planned for 2026. Home Hub Apple is working on a home hub or "command center" that will serve as a...
Read Full Article56 comments