
Mac Users beware of dangerous XLoader Malware

What Is XLoader Malware?

XLoader originated as a part of Formbook which is an information stealer for Windows. Labeled as a cross-platform botnet with no dependencies, XLoader has since taken macOS under its grip.

This malware is currently part of an underground offering as a botnet loader service and is used to recover passwords from web browsers as well as some email clients. The biggest problem with XLoader is that it is very lightweight and therefore often goes undetected on the infected device.

The Check Point Software research team recently claimed to have discovered a new malware for the Mac OS called XLoader. According to the researchers, this malware is offered “as a service” and can extract users’ login information from browsers, take screenshots of the user’s system environment, record whatever is typed, and download and run malicious files.

According to the research team, the XLoader malware, which is not related to the Android malware of the same name, sells for about $49 on the dark web; hackers from 69 countries have bought it, and 53% of the victims of this malware are in the United States.

How XLoader malware infiltrates

How this malware infiltrates a Mac is very simple: deceived victims download malicious Word files, allowing XLoader malware to enter their systems. XLoader is derived from the old Windows malware called Formbook, the fourth most common Windows malware. Formbook has been used in widespread spam campaigns aimed at attacking organizations worldwide.

Yaniv Balmas, director of cyber research at Check Point Software, pointed to the misconceptions of Mac users.

Mac OS users mistakenly think that Apple’s platforms are more secure than other platforms. Although there is a gap between the number of Windows and Mac OS malware, this gap is narrowing over time. The fact is that the Mac OS X malware is becoming more and more dangerous.

Nevertheless, the results of one survey showed that despite the increasing security threats in the Mac OS, large companies still consider Mac OS the most secure operating system.

With the growing popularity of the Mac OS platform, it makes sense for cyber-attackers to turn their attention to the platform even more, and it is expected that more cyber threats from the Formbook malware family will jeopardize Mac OS security in the future. Craig Federighi, Apple’s senior vice president of software engineering, recently said that Mac security is not as good as iOS devices and that the number of Mac malware is growing.

According to Federighi, more than 130 types of malware have infected 300,000 Macs. According to a new Atlas VPN report, the number of macOS malware samples grew by one thousand percent in 2020 compared with 2019, from 56,556 to 670,273.

The number of Mac OS users reached about 200 million in 2018

While the number of Mac OS users reached about 200 million in 2018, according to Apple, the operating system has become a booming market for malware makers. Some software companies, such as Jamf, are developing tools to secure the Mac platform. However, human error plays a major role in infecting systems with malware: for XLoader to infiltrate the system, the user must first open an infected Word document. The human factor is the weakest link in the operating system security chain.

How to prevent the system from getting infected with Xloader?

Xloader malware enters the operating system through the old method of downloading infected Word files; for this reason, its risks can be reduced by traditional methods of protection against cyber attacks. To prevent macOS from becoming infected with this malware, you need to:

  • Do not open suspicious attachments sent to you by unknown individuals;
  • Do not visit websites that you do not trust;
  • Use anti-virus software.

Do not open suspicious attachments sent to you by unknown individuals

Phishing is the most prevalent way for hackers to install malware on your device. Most phishing scams lure people into opening emails or clicking on a link that appears to come from a legitimate or reputable source. The link generally takes users to a fake website where they are prompted to enter their personal details and login credentials, or to a website that infects their device with malware.

As a rule of thumb, always be cautious about opening any links.

Do not visit websites that you do not trust

Never download any apps or programs offered by pop-ups, and avoid clicking on links within pop-up windows at any cost. The good news is that most web browsers can block pop-up ads and have settings that let you control how pop-ups are handled.

To err on the side of caution, it is best to have pop-ups disabled in your browser settings.

Install Antivirus Software

One of the most effective ways to protect against malware is to use strong antivirus protection as it can protect your device from malicious software.

An antivirus program not only scans your computer to detect and clean malware, but also provides automatic updates for enhanced protection against newly created infections.

How can Xloader malware infection be detected?

According to the researchers, one way for Mac users to check whether the operating system is infected with this malware is:

  • Select Go from the Finder menu;
  • Click on Go to Folder…;
  • To open the LaunchAgents folder, type this path in the box that opens: /Users/your username/Library/LaunchAgents (put your own username in place of “your username”).
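The Finder steps above open the folder so you can eyeball it. As an added example (not part of the original post or of Check Point's research), the Python script below does the same check programmatically: it parses every LaunchAgents plist, reports what each agent launches, and flags traits that make a persistence item worth a second look, such as a label that is not in reverse-DNS style, a binary living in a hidden directory under the home folder or in a temp directory, or RunAtLoad combined with KeepAlive. The heuristics, the hypothetical home path /Users/alice, and the two constructed plists (one ordinary-looking updater, one with a random-looking name) are assumptions made for this example, not published XLoader indicators.

```python
from __future__ import annotations

import plistlib
import re
import tempfile
from pathlib import Path

# Labels of legitimate agents are usually reverse-DNS style (com.vendor.agent).
# This pattern and the other heuristics below are assumptions for this example,
# not a published XLoader signature.
REVERSE_DNS = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9_-]+)+$")

# Locations an unprivileged process can write to; a persistence item whose
# binary lives here deserves a closer look.
USER_WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/folders/")


def program_of(plist: dict) -> str:
    """Return the executable the agent launches (Program wins over ProgramArguments)."""
    if plist.get("Program"):
        return str(plist["Program"])
    args = plist.get("ProgramArguments") or []
    return str(args[0]) if args else ""


def suspicious_traits(plist: dict, home: str) -> list[str]:
    """Return human-readable reasons this agent looks unusual (empty = nothing flagged)."""
    traits: list[str] = []
    label = str(plist.get("Label", ""))
    prog = program_of(plist)
    if not REVERSE_DNS.match(label):
        traits.append("label is not reverse-DNS style")
    if not prog:
        traits.append("no program to launch")
    else:
        if prog.startswith(home.rstrip("/") + "/") or prog.startswith(USER_WRITABLE_PREFIXES):
            traits.append("program lives in a user-writable location")
        if "/." in prog:
            traits.append("program lives in a hidden directory")
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        traits.append("RunAtLoad with KeepAlive (relaunched if killed)")
    return traits


def triage_launch_agents(folder: Path, home: str) -> dict[str, list[str]]:
    """Map every *.plist in folder to its list of flagged traits."""
    results: dict[str, list[str]] = {}
    if not folder.is_dir():
        return results
    for path in sorted(folder.glob("*.plist")):
        try:
            with path.open("rb") as fh:
                plist = plistlib.load(fh)  # handles both XML and binary plists
        except Exception as exc:  # malformed plist: still worth reporting
            results[path.name] = [f"unparseable plist ({type(exc).__name__})"]
            continue
        results[path.name] = suspicious_traits(plist, home)
    return results


# --- constructed sample data so the example runs offline ---------------------

SAMPLE_HOME = "/Users/alice"  # hypothetical home directory


def build_sample_folder() -> Path:
    """Write two constructed LaunchAgents plists into a temp folder and return it."""
    folder = Path(tempfile.mkdtemp(prefix="launchagents_"))
    benign = {
        "Label": "com.example.updater",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater", "--check"],
        "RunAtLoad": True,
    }
    odd = {  # random-looking name, hidden dir under the home folder, restarts itself
        "Label": "UtRhH",
        "ProgramArguments": [f"{SAMPLE_HOME}/.UtRhH/UtRhH"],
        "RunAtLoad": True,
        "KeepAlive": True,
    }
    for name, data in (("com.example.updater.plist", benign), ("UtRhH.plist", odd)):
        with (folder / name).open("wb") as fh:
            plistlib.dump(data, fh)
    return folder


def demo() -> dict[str, list[str]]:
    """Triage the constructed folder; on a real Mac pass ~/Library/LaunchAgents instead."""
    return triage_launch_agents(build_sample_folder(), SAMPLE_HOME)


if __name__ == "__main__":
    for name, traits in demo().items():
        print(f"{name}: {'; '.join(traits) or 'nothing flagged'}")
```

On a real machine, call `triage_launch_agents(Path.home() / "Library" / "LaunchAgents", str(Path.home()))` and also point it at /Library/LaunchAgents and /Library/LaunchDaemons, which need the same scrutiny. A flagged entry is a prompt to inspect the referenced binary, not proof of infection: plenty of legitimate helper apps trip one heuristic, so weigh the combination of traits rather than any single one.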

Conclusion

If you see a suspicious file with a strange and unusual name, drag it to the trash can icon and delete it. Researchers also recommend that you use antivirus software to detect suspicious files.