A common form of malware on Windows systems has been modified into a new strain called "XLoader" that can also target macOS (via Bleeping Computer).
Derived from the Formbook info-stealer for Windows, XLoader is a form of cross-platform malware advertised as a botnet with no dependencies. It is used to steal login credentials, capture screenshots, log keystrokes, and execute malicious files. The malware was discovered by security researchers at Check Point Software.
A server hosting the macOS version of XLoader is available to bad actors on the dark web for $49 per month. Check Point tracked XLoader for a six-month period, seeing requests from 69 countries, indicating significant use across the world. More than half of all victims were based in the United States.
Formbook continues to be a prevalent threat, being part of over 1,000 malware campaigns in the last three years, and XLoader is expected to have even wider use given its cross-platform capability and greater level of sophistication.
Head of Cyber Research at Check Point, Yaniv Balmas, said that macOS's growing popularity has exposed it to increasing attention from cybercriminals, who see the platform as a worthwhile target.
While there might be a gap between Windows and macOS malware, the gap is slowly closing over time. The truth is that macOS malware is becoming bigger and more dangerous.
According to Check Point, XLoader is stealthy enough for it to remain hidden to most users. It is possible to check for its presence by using macOS's Autorun to check the username in the OS and look into the LaunchAgents folder, where entries with suspicious filenames should be deleted.
