The XLoader Malware
In an article published on Wednesday, Check Point Research (CPR) reports a new strain of the notorious FormBook stealer being sold under the name XLoader. According to the study, FormBook stopped being sold on underground marketplaces in 2018, only to resurface as XLoader two years later.
Where the earlier version targeted mainly Windows users, the new incarnation of the FormBook form-stealer and keylogger adds macOS users to its target list, and it sells on underground markets for as little as $49. The report adds that a Linux version is in the works, making Linux users the likely next target.
What sets XLoader apart from other malware-as-a-service offerings is that it is inexpensive and very easy to use, putting a multifunctional malware tool in the hands of even novice operators.
XLoader has been active over the past six months, attacking mostly Windows users, but it has also turned its attention to a new and unexpected audience: Mac users.
An XLoader license starts at $49, a price that even the least professional and underfunded attackers can afford for a tool that harvests login credentials, captures screenshots, records keystrokes, and launches other malicious programs.
Victims are lured into running XLoader through phishing emails carrying malicious attachments disguised as legitimate Microsoft Office documents.
The rebranded XLoader was first spotted on an underground forum on February 6, 2020. Since then, the malware has been used very actively against both Mac and Windows users.
According to the available data, requests for the new XLoader stealer from attackers ready to try it have been recorded from 69 countries.
Security researchers are concerned that this threat could climb the malware rankings, and they recommend reducing the risk of infection with a few simple measures that apply equally to macOS and Windows:
- Do not open attachments from questionable senders.
- Avoid visiting questionable websites.
- Use third-party security software to help detect and block malicious activity on your computer.
Users who suspect they have been infected should consult a security professional or use reliable third-party tools to identify, block and remove the threat from their computer.
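As an added example (not from the Check Point report, and not tied to any specific XLoader lure), here is a small Python triage check for the delivery vector described above and for the first piece of advice in the list: an email attachment that claims to be a Microsoft Office document. It compares the advertised file extension with the container signature at the start of the bytes, flags double extensions such as `invoice.docx.exe`, and looks inside an OOXML package for a VBA project where the extension promises a macro-free file. The sample inputs are constructed inside the script, and the function and helper names are assumptions of this example.

```python
import io
import zipfile
from typing import Dict, List

# Container signatures (well-known magic bytes).
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt (Compound File)
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML .docx/.xlsx/.pptx is a ZIP package
RTF_MAGIC = b"{\\rtf"                             # Rich Text Format header
MZ_MAGIC = b"MZ"                                  # Windows PE executable

LEGACY_EXT = {"doc", "xls", "ppt"}
OOXML_EXT = {"docx", "xlsx", "pptx"}              # macro-free OOXML extensions
OOXML_MACRO_EXT = {"docm", "xlsm", "pptm", "dotm", "xltm"}
OFFICE_EXT = LEGACY_EXT | OOXML_EXT | OOXML_MACRO_EXT | {"rtf"}
EXEC_EXT = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "jar"}


def triage_attachment(filename: str, data: bytes) -> List[str]:
    """Return reasons to distrust the attachment (empty list = name and content agree)."""
    findings: List[str] = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""

    # 1. Double extension: an Office-looking name that actually ends in something else.
    if any(p in OFFICE_EXT for p in parts[1:-1]) and ext not in OFFICE_EXT:
        findings.append(f"double extension: '{filename}' really ends in .{ext}")
    if ext in EXEC_EXT:
        findings.append(f"executable extension .{ext}")

    # 2. Content signature versus the type the extension advertises.
    if data.startswith(MZ_MAGIC):
        findings.append("content is a Windows PE executable (MZ header)")
    if ext in LEGACY_EXT and not data.startswith(OLE2_MAGIC):
        findings.append(f".{ext} file lacks the OLE2 compound-file header")
    if ext == "rtf" and not data.startswith(RTF_MAGIC):
        findings.append(".rtf file does not start with {\\rtf")
    if ext in OOXML_EXT | OOXML_MACRO_EXT:
        if not data.startswith(ZIP_MAGIC):
            findings.append(f".{ext} file is not a ZIP container")
        else:
            findings.extend(_inspect_ooxml(ext, data))
    return findings


def _inspect_ooxml(ext: str, data: bytes) -> List[str]:
    """Look inside the OOXML ZIP: it must carry [Content_Types].xml, and a
    macro-free extension must not carry a VBA project."""
    findings: List[str] = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = set(zf.namelist())
    except zipfile.BadZipFile:
        return ["ZIP container is corrupt"]
    if "[Content_Types].xml" not in names:
        findings.append("ZIP lacks [Content_Types].xml, so it is not a real OOXML package")
    if ext in OOXML_EXT and any(n.endswith("vbaProject.bin") for n in names):
        findings.append(f"VBA project inside .{ext}, which should be macro-free")
    return findings


def build_ooxml(members: Dict[str, object]) -> bytes:
    """Construct a minimal OOXML-shaped ZIP in memory (constructed test input, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a clean package, a macro-bearing package with a
    # macro-free extension, and a PE stub renamed to look like a document.
    clean = build_ooxml({"[Content_Types].xml": "<Types/>", "word/document.xml": "<w:document/>"})
    macro = build_ooxml({"[Content_Types].xml": "<Types/>", "word/vbaProject.bin": b"\x00"})
    pe_stub = b"MZ\x90\x00" + b"\x00" * 60
    for name, blob in [("report.docx", clean), ("report.docx", macro),
                       ("invoice.doc", pe_stub), ("invoice.docx.exe", pe_stub)]:
        print(name, "->", triage_attachment(name, blob) or "consistent")
```

This check does not prove an attachment is safe: a genuine macro-enabled document, a malicious OLE2 file with the correct header, or an exploit inside a well-formed package will all pass the signature test. It only catches the cheapest disguises (renamed executables, double extensions, hidden VBA in a "plain" .docx), which is where a mail-gateway filter should start before handing the rest to a sandbox.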