Common Windows Malware Can Now Infect Macs

A common form of malware on Windows systems has been modified into a new strain called "XLoader" that can also target macOS (via Bleeping Computer).

macOS Malware Feature
Derived from the Formbook info-stealer for Windows, XLoader is a form of cross-platform malware advertised as a botnet with no dependencies. It is used to steal login credentials, capture screenshots, log keystrokes, and execute malicious files. The malware was discovered by security researchers at Check Point Software.

A server hosting the macOS version of XLoader is available to bad actors on the dark web for $49 per month. Check Point tracked XLoader for a six-month period, seeing requests from 69 countries, indicating significant use across the world. More than half of all victims were based in the United States.

Formbook continues to be a prevalent threat, being part of over 1,000 malware campaigns in the last three years, and XLoader is expected to have even wider use given its cross-platform capability and greater level of sophistication.

Head of Cyber Research at Check Point, Yaniv Balmas, said that macOS's growing popularity has exposed it to increasing attention from cybercriminals, who see the platform as a worthwhile target.

While there might be a gap between Windows and macOS malware, the gap is slowly closing over time. The truth is that macOS malware is becoming bigger and more dangerous.

According to Check Point, XLoader is stealthy enough for it to remain hidden to most users. It is possible to check for its presence by using macOS's Autorun to check the username in the OS and look into the LaunchAgents folder, where entries with suspicious filenames should be deleted.

Tag: Malware

Top Rated Comments

Sciomar Avatar
31 months ago

No matter what these Mac’s are protected. Let’s be real here.
I know we should all know this but for everyone in the room, Mac's have always been able to get a virus. They were such a small subset of the computing world the payoff wasn't huge. Things have changed with the more mainstream adoption of Macs and now it's open season for the bad guys.
Score: 33 Votes (Like | Disagree)
npmacuser5 Avatar
31 months ago
How does one get this malware? Important to know one has it but how did one get it just as important.
Score: 24 Votes (Like | Disagree)
skitidetdu Avatar
31 months ago

It is possible to check for its presence by using macOS's Autorun to check the username in the OS and look into the LaunchAgents folder, where entries with suspicious filenames should be deleted.
Can somebody explain what this means?

Edit: found a LaunchAgents folder in the library. Don't understand what AutoRun is
Score: 23 Votes (Like | Disagree)
urgs Avatar
31 months ago

Infection path would be good information.

Also, I generally find LittleSnitch to be a great defense against this kind of thing (as long as the virus doesn't disable it). It may still exist, but you can identify it by network access.

Can somebody explain what this means?

Edit: found a LaunchAgents folder in the library. Don't understand what AutoRun isFound something at 9to5mac
Found something at 9to5mac

1. Go to /Users/[username]/Library/LaunchAgents directory
2. Check for suspicious filenames in this directory (example below is a random name)

/Users/user/Library/LaunchAgents/com.wznlVRt83Jsd.HPyT0b4Hwxh.plist

if there is a file named like above, it's very likely you have been infected
Score: 22 Votes (Like | Disagree)
Blackstick Avatar
31 months ago
So XProtect gets new definitions and this becomes a non-issue...
Score: 13 Votes (Like | Disagree)
TheYayAreaLiving ?️ Avatar
31 months ago
No matter what these Mac’s are protected. Let’s be real here.

When was the last time you encountered your Mac got a virus?
Score: 13 Votes (Like | Disagree)

Popular Stories

iOS 17

iOS 17.2 Will Add These 12 New Features to Your iPhone

Friday December 1, 2023 12:19 pm PST by
iOS 17.2 has been in beta testing for over a month, and it should be released to all users in a few more weeks. The software update includes many new features and changes for iPhones, including the dozen that we have highlighted below. iOS 17.2 is expected to be released to the public in mid-December. To learn about even more features coming in the update, check out our full list. Journal ...
iOS 16 4 Web Push

Apple Confirms Governments Using Push Notifications to Surveil Users

Wednesday December 6, 2023 5:06 am PST by
Unidentified governments are surveilling smartphone users by tracking push notifications that move through Google's and Apple's servers, a US senator warned on Wednesday (via Reuters). In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from the tech giants to track smartphones. The traffic flowing from apps that send push notifications...
airpods pro 2 pink

Apple Releases New AirPods Pro 2 Firmware

Tuesday December 5, 2023 11:28 am PST by
Apple today released new firmware update for both the Lightning and USB-C versions of the AirPods Pro 2. The new firmware is version 6B34, up from the 6B32 firmware introduced in November. Apple does not provide details on what features might be included in the refreshed firmware beyond "bug fixes and other improvements," so it is unclear what's new in the update, but prior software releases ...
Beyond iPhone 13 Better Blue

'All-Screen' iPhone Under-Display Camera Enters Development

Wednesday December 6, 2023 2:03 am PST by
Apple's Korean suppliers have begun developing smartphone under-display cameras (UDC), paving the way for the first iPhone with a true "all-screen" appearance. According to The Elec, LG Innotek has entered the preliminary development of the UDC, which sits under the display and does not result in a visible hole in the panel when the camera is not in use. A UDC differs from a typical front ...
iphone se 4 modified flag edges

iPhone SE 4 May Reuse Existing iPhone 14 Battery

Wednesday December 6, 2023 1:17 pm PST by
Recently, MacRumors has received details on the battery currently being tested on the upcoming fourth-generation iPhone SE, and the information corroborates previous findings in relation to the device. The iPhone SE 4, known by its device identifier D59, is expected to use the exact same battery found in the base model iPhone 14. Partially assembled prototypes of the next iPhone SE have been ...
magsafe blue 2

iOS 17.2 Brings Qi2 Support to iPhone 13 and iPhone 14 Models

Tuesday December 5, 2023 11:04 am PST by
The iOS 17.2 update that Apple is set to release to the public in the near future will bring support for the next-generation Qi2 wireless charging standard to the iPhone 13 and iPhone 14 models. Qi2 was mentioned in the release notes for the RC version of the update that came out today. With the addition of support for the new standard, iPhone 13 and iPhone 14 models will work with Qi2...
airpods pro bulbs

Black Friday Prices Return for AirPods Pro 2 With USB-C, iPad, and More

Tuesday December 5, 2023 7:30 am PST by
Today we're tracking a collection of deals that are matching - or nearly matching - the same all-time low discounts we saw during Black Friday. This includes the AirPods Pro 2 with USB-C, 9th generation iPad, and M1 MacBook Air. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the ...
12

Apple to Launch Two iPad Air and Two OLED iPad Pro Models Early Next Year

Wednesday December 6, 2023 9:53 am PST by
To boost falling iPad sales, Apple has a major refresh planned for the iPad lineup in early 2024, according to Bloomberg's Mark Gurman. Apple plans to debut new iPad Air and iPad Pro models, both of which will feature notable changes. The iPad Air will come in two sizes like the iPad Pro for the first time. The smaller model will continue to measure in at 10.9 inches, but the larger version...