Cyber security researchers on Wednesday unveiled details of evolving malware that has now been upgraded to steal sensitive information from Apple’s macOS operating system.
The malware, dubbed "XLoader", is the successor to another well-known Windows information stealer called Formbook, which is known to harvest credentials from various web browsers, collect screenshots, record keystrokes, and download and execute files from attacker-controlled domains.
"For as little as $49 on the Darknet, hackers can purchase licenses for the new malware, which can harvest login credentials, collect screenshots, log keystrokes, and execute malicious files," cybersecurity firm Check Point said in a report shared with The Hacker News.
Distributed via spoofed emails containing malicious Microsoft Office documents, XLoader is estimated to have infected victims in 69 countries between December 1, 2020 and June 1, 2021, with 53% of infections reported in the United States alone, followed by the Special Administrative Regions (SAR) of China, Mexico, Germany and France.
While the very first samples of Formbook were detected in the wild in January 2016, the sale of the malware on underground forums stopped in October 2017, only to be resurrected more than two years later, in February 2020, in the form of XLoader. In October 2020, the latter was advertised for sale on the same forum that had been used to sell Formbook, Check Point said. Formbook and its derivative XLoader are said to share the same codebase.
According to statistics released by Check Point in early January, Formbook was the third most common malware family in December 2020, impacting 4% of organizations worldwide. It should be noted that the newly discovered XLoader malware for PC and Mac is not the same as XLoader for Android, which was first detected in April 2019.
"[XLoader] is much more mature and sophisticated than its predecessors, supporting different operating systems, especially macOS computers," said Yaniv Balmas, Head of Cyber Research at Check Point. "Historically, macOS malware was not that common. They generally fall under the category of 'spyware', not causing too much damage."
"While there may be a gap between Windows and macOS malware, the gap is slowly narrowing over time. The truth is that macOS malware is getting bigger and bigger and more dangerous," noted Balmas, adding that the results "are a perfect example and confirm this growing trend."