Common Windows Malware Can Now Infect Macs

A common form of malware on Windows systems has been modified into a new strain called "XLoader" that can also target macOS (via Bleeping Computer).

Derived from the Formbook info-stealer for Windows, XLoader is a form of cross-platform malware advertised as a botnet with no dependencies. It is used to steal login credentials, capture screenshots, log keystrokes, and execute malicious files. The malware was discovered by security researchers at Check Point Software.

A server hosting the macOS version of XLoader is available to bad actors on the dark web for $49 per month. Check Point tracked XLoader for a six-month period, seeing requests from 69 countries, indicating significant use across the world. More than half of all victims were based in the United States.

Formbook continues to be a prevalent threat, being part of over 1,000 malware campaigns in the last three years, and XLoader is expected to have even wider use given its cross-platform capability and greater level of sophistication.

Head of Cyber Research at Check Point, Yaniv Balmas, said that macOS's growing popularity has exposed it to increasing attention from cybercriminals, who see the platform as a worthwhile target.

While there might be a gap between Windows and macOS malware, the gap is slowly closing over time. The truth is that macOS malware is becoming bigger and more dangerous.

According to Check Point, XLoader is stealthy enough for it to remain hidden to most users. It is possible to check for its presence by using macOS's Autorun to check the username in the OS and look into the LaunchAgents folder, where entries with suspicious filenames should be deleted.


Top Rated Comments

Sciomar
13 weeks ago

No matter what these Macs are protected. Let’s be real here.
I know we should all know this but for everyone in the room, Macs have always been able to get a virus. They were such a small subset of the computing world the payoff wasn't huge. Things have changed with the more mainstream adoption of Macs and now it's open season for the bad guys.
Score: 33 Votes (Like | Disagree)
npmacuser5
13 weeks ago
How does one get this malware? Important to know one has it but how did one get it just as important.
Score: 24 Votes (Like | Disagree)
skitidetdu
13 weeks ago

It is possible to check for its presence by using macOS's Autorun to check the username in the OS and look into the LaunchAgents folder, where entries with suspicious filenames should be deleted.
Can somebody explain what this means?

Edit: found a LaunchAgents folder in the library. Don't understand what AutoRun is
Score: 23 Votes (Like | Disagree)
urgs
13 weeks ago

Infection path would be good information.

Also, I generally find LittleSnitch to be a great defense against this kind of thing (as long as the virus doesn't disable it). It may still exist, but you can identify it by network access.

Can somebody explain what this means?

Edit: found a LaunchAgents folder in the library. Don't understand what AutoRun is

Found something at 9to5mac

1. Go to /Users/[username]/Library/LaunchAgents directory
2. Check for suspicious filenames in this directory (example below is a random name)

/Users/user/Library/LaunchAgents/com.wznlVRt83Jsd.HPyT0b4Hwxh.plist

if there is a file named like above, it's very likely you have been infected
Score: 22 Votes (Like | Disagree)
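
The LaunchAgents check described in the comment above, as an added shell example that is not part of the original article or comments: it flags `.plist` names containing a component that looks randomly generated, like the sample filename quoted above. The "random-looking" rule (alphanumeric only, at least 8 characters, mixing lowercase, uppercase and digits) and the function names are assumptions made for this example; a match is a lead for manual review, not proof of infection.

```shell
#!/bin/sh
# Added example: heuristic triage of a per-user LaunchAgents directory.
LC_ALL=C; export LC_ALL   # make [a-z] / [A-Z] ranges strictly ASCII

# looks_random WORD: succeed if WORD is alphanumeric-only, >= 8 characters,
# and mixes lowercase, uppercase and digits (assumed heuristic).
looks_random() {
    case "$1" in *[!A-Za-z0-9]*) return 1 ;; esac
    [ "${#1}" -ge 8 ] || return 1
    case "$1" in *[a-z]*) ;; *) return 1 ;; esac
    case "$1" in *[A-Z]*) ;; *) return 1 ;; esac
    case "$1" in *[0-9]*) ;; *) return 1 ;; esac
    return 0
}

# suspicious_launchagents [DIR]: print every .plist in DIR whose name has at
# least one dot-separated component that looks random.
# DIR defaults to the current user's ~/Library/LaunchAgents.
suspicious_launchagents() {
    dir=${1:-"$HOME/Library/LaunchAgents"}
    for f in "$dir"/*.plist; do
        [ -e "$f" ] || continue          # directory missing or no plists
        name=$(basename "$f" .plist)
        old_ifs=$IFS; IFS=.              # split the label on dots only
        set -f                           # no globbing while splitting
        for part in $name; do
            if looks_random "$part"; then
                printf '%s\n' "$f"
                break
            fi
        done
        set +f
        IFS=$old_ifs
    done
}

# Stand-alone use: scan the directory given as the first argument, or the default.
suspicious_launchagents "$@"
```

Inspect any flagged file (for example with `plutil -p`) to see which program it launches before deciding whether to delete it.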
Blackstick
13 weeks ago
So XProtect gets new definitions and this becomes a non-issue...
Score: 13 Votes (Like | Disagree)
TheYayAreaLiving
13 weeks ago
No matter what these Macs are protected. Let’s be real here.

When was the last time you encountered your Mac got a virus?
Score: 13 Votes (Like | Disagree)
