A new malware has just jumped from Windows to macOS. Is named XLoader And it can be easily bought on the Deep Web for 49 Euros (~ $ XNUMX), to be able to attack whoever you want, it doesn't matter if you have a Windows PC or a Mac with macOS. What a fabric.
And once "the bug" is entered into the victim's machine, it can record keystrokes, capture screens, and access other private data. Well I repeat: What a fabric.
The well-known XLoader malware has now migrated from Windows PCs to attack Macs running macOS as well. An evolution of the malware known as Formbook, allows an attacker to record keystrokes, take screenshots and access other private information on a computer with Microsoft or Apple software indistinctly.
Such malware can easily be found on the dark web by 49 Euros. Once purchased, you can attack any computer regardless of whether it has Windows or macOS installed.
The good news is that it requires user action to activate it. You need run it on the victim's machine. Attackers typically send an email containing the malware embedded in a Microsoft Office document. Once the document is open, it goes into action.
This is a potential threat to all Mac users. In 2018, Apple estimated that more than 100 million Macs were running some kind of malware.
Check Point Research tracked Xloader activity between December 1, 2020 and June 1, 2021. The RCP saw XLoader requests from up to 69 countries. More than half (53%) of the victims reside in the United States.
XLoader it's stealth, which means it's hard to tell when a Mac is infected with it, but Apple provides a method of checking.
- Go to the / Users / [username] / Library / LaunchAgents directory
- Check for suspicious file names in this directory (example below is a random name) /Users/user/Library/LaunchAgents/com.wznlVRt83Jsd.HPyT0b4Hwxh.plist
As with any malware, you can minimize the risk of infection by avoiding incomplete websites and being careful with attachments. Never open an attachment unless you know the sender and are waiting for it, because it is common for attackers to spoof an email address.