Common Windows Malware Can Now Infect Macs

A common form of malware on Windows systems has been modified into a new strain called "XLoader" that can also target macOS (via Bleeping Computer).

Derived from the Formbook info-stealer for Windows, XLoader is a form of cross-platform malware advertised as a botnet with no dependencies. It is used to steal login credentials, capture screenshots, log keystrokes, and execute malicious files. The malware was discovered by security researchers at Check Point Software.

A server hosting the macOS version of XLoader is available to bad actors on the dark web for $49 per month. Check Point tracked XLoader for a six-month period, seeing requests from 69 countries, indicating significant use across the world. More than half of all victims were based in the United States.

Formbook continues to be a prevalent threat, being part of over 1,000 malware campaigns in the last three years, and XLoader is expected to have even wider use given its cross-platform capability and greater level of sophistication.

Head of Cyber Research at Check Point, Yaniv Balmas, said that macOS's growing popularity has exposed it to increasing attention from cybercriminals, who see the platform as a worthwhile target.

"While there might be a gap between Windows and macOS malware, the gap is slowly closing over time. The truth is that macOS malware is becoming bigger and more dangerous."

According to Check Point, XLoader is stealthy enough to remain hidden from most users. It is possible to check for its presence by using macOS's Autorun to check the username in the OS and look into the LaunchAgents folder, where entries with suspicious filenames should be deleted.

Tag: malware

Top Rated Comments

Sciomar
3 days ago at 08:20 am

No matter what these Macs are protected. Let’s be real here.
I know we should all know this but for everyone in the room, Macs have always been able to get a virus. They were such a small subset of the computing world the payoff wasn't huge. Things have changed with the more mainstream adoption of Macs and now it's open season for the bad guys.
Score: 32 Votes

npmacuser5
3 days ago at 08:19 am
How does one get this malware? Important to know one has it but how did one get it just as important.
Score: 24 Votes

skitidetdu
3 days ago at 08:31 am

It is possible to check for its presence by using macOS's Autorun to check the username in the OS and look into the LaunchAgents folder, where entries with suspicious filenames should be deleted.
Can somebody explain what this means?

Edit: found a LaunchAgents folder in the library. Don't understand what AutoRun is
Score: 22 Votes

urgs
3 days ago at 08:51 am

Infection path would be good information.

Also, I generally find LittleSnitch to be a great defense against this kind of thing (as long as the virus doesn't disable it). It may still exist, but you can identify it by network access.

Can somebody explain what this means?

Edit: found a LaunchAgents folder in the library. Don't understand what AutoRun is

Found something at 9to5mac

1. Go to /Users/[username]/Library/LaunchAgents directory
2. Check for suspicious filenames in this directory (example below is a random name)

/Users/user/Library/LaunchAgents/com.wznlVRt83Jsd.HPyT0b4Hwxh.plist

if there is a file named like above, it's very likely you have been infected
Score: 22 Votes
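
The LaunchAgents check described in the article and in the steps above, as an added shell example (not part of the original page, the commenters' posts or Check Point's guidance). The function names and the "looks random" rule are assumptions built from the single sample filename quoted above; the script only lists files and deletes nothing.

```sh
#!/bin/sh
# Added example: list per-user LaunchAgents whose names look randomly generated.
# The "looks random" rule is an assumption modelled on the one sample filename
# quoted above; it is a triage heuristic, not an XLoader signature.
LC_ALL=C; export LC_ALL   # keep [a-z]/[A-Z] ranges strictly ASCII

# Succeeds if $1 is 8+ alphanumerics mixing lowercase, uppercase and digits.
looks_random() {
    case "$1" in *[!A-Za-z0-9]*) return 1 ;; esac
    [ "${#1}" -ge 8 ] || return 1
    case "$1" in *[a-z]*) ;; *) return 1 ;; esac
    case "$1" in *[A-Z]*) ;; *) return 1 ;; esac
    case "$1" in *[0-9]*) ;; *) return 1 ;; esac
    return 0
}

# Succeeds if any dot-separated part of plist file name $1 looks random.
suspicious_name() {
    _rest=${1%.plist}
    while [ -n "$_rest" ]; do
        if looks_random "${_rest%%.*}"; then return 0; fi
        case "$_rest" in *.*) _rest=${_rest#*.} ;; *) _rest= ;; esac
    done
    return 1
}

# Prints the path of every suspicious *.plist in directory $1, one per line.
scan_launch_agents() {
    for _f in "$1"/*.plist; do
        [ -e "$_f" ] || continue
        if suspicious_name "${_f##*/}"; then printf '%s\n' "$_f"; fi
    done
    return 0
}

# Default is the folder named in the steps above; files are listed, not deleted.
AGENTS_DIR=${1:-$HOME/Library/LaunchAgents}
if [ -d "$AGENTS_DIR" ]; then
    scan_launch_agents "$AGENTS_DIR" | while IFS= read -r _hit; do
        echo "SUSPICIOUS: $_hit"
        # plutil ships with macOS: show which program the agent would launch.
        if command -v plutil >/dev/null 2>&1; then plutil -p "$_hit" || true; fi
    done
fi
```

A flagged name is a reason to inspect the plist and the program it points to, not proof of infection; legitimate software with mixed-case alphanumeric labels can match the same rule.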
TheYayAreaLiving
3 days ago at 08:17 am
No matter what these Macs are protected. Let’s be real here.

When was the last time you encountered your Mac got a virus?
Score: 15 Votes

Blackstick
3 days ago at 08:15 am
So XProtect gets new definitions and this becomes a non-issue...
Score: 13 Votes
