XLoader is a newly discovered strain of malware designed to infect systems running macOS. This new strain was built from a malware strain called FormBook which was designed to steal passwords from Windows-based machines. The new strain is currently being offered on at least one forum on the Dark Web. It is being billed as a botnet loader service which can "recover" passwords from a variety of web browsers and email clients.
These include but are not limited to:
- Foxmail
- Thunderbird
- Outlook
- Internet Explorer
- Microsoft Edge
- Opera
- Firefox
- And Google Chrome
The Windows-based variant of the malware is being offered on the Dark Web for rent for $59 a month. The macOS version is being offered for $49 a month.
Formbook has played a role in more than a thousand malware campaigns over the last three years and ranks as the 4th most prevalent strain of malware on the web. Although Formbook campaigns have impacted users around the world more than half of the affected users have been in the United States.
If the popularity of Formbook is any indication then Mac users are in for a tough time in the weeks and months ahead. Odds are excellent that we'll be seeing and hearing about a wide range of XLoader attacks.
The internet security company CheckPoint discovered the new strain. Yaniv Balmas, of CheckPoint, observed that this new variant is far more sophisticated and advanced than its predecessor.
Balmas warns that although there has historically been a large gap between the prevalence of malware in the Windows and Mac ecosystems that gap is closing quickly. The threats to Mac users are growing almost by the day. If you have Macs in service in your office be on the alert and keep a sharp eye out for this threat.