Skip to main content

This $49 malware could steal all your Mac data

Malware
(Image credit: solarseven / Shutterstock)
Audio player loading…

Security researchers from Check Point Research (opens in new tab) have observed a new strain of malware (opens in new tab) in the wild that has evolved to steal data from MacOS (opens in new tab) users.

This new strain is named “XLoader” and is derived from the infamous Formbook malware that has been active for over five years. While Formbook was initially created to be a simple keylogger (opens in new tab), cybercriminals saw its potential has a universal tool which led its creator to stop sales of the product before relaunching it as XLoader.

While Formbook was used to primarily target Windows users in the past, after its rebranding as XLoader last year, it gained additional capabilities including the ability to target Macs (opens in new tab).

What makes XLoader particularly dangerous is the fact that a license for the malware can be purchased on the Dark Web (opens in new tab) for as little as $49. Cybercriminals who purchase an XLoader license are then equipped to harvest log-in credentials, collect screenshots, log keystrokes and execute malicious files on victim's machines.

XLoader malware

Check Point Research tracked XLoader activity between December of last year and June of this year to discover that over half (53%) of victims infected with the malware reside in the United States. Hong Kong was the second hardest hit at just nine percent followed by Mexico and Germany at five percent and three percent respectively.

As XLoader is spread using spam emails that contain malicious files, Check Point Research recommends that users avoid opening suspicious email attachments, visiting suspicious websites and using malware removal software (opens in new tab) to avoid having their Mac or PC infected.

However, if you think your system has become infected, the cybersecurity firm says that ordinary users should consult with a security professional as XLoader is stealth in nature and difficult to detect. 

More experienced users can run Autorun on their Macs, check their username in the OS, go to /Users/[username/Library/LaunchAgents directory and look for suspicious filenames to see if they are infected. Removing any suspicious files should then also remove XLoader from your system though this method isn't for the inexperienced.

Head of cyber research at Check Point Software, Yaniv Balmas explained why cybercriminals are increasingly targeting Mac users (opens in new tab), saying:

“While there might be a gap between Windows and MacOS malware, the gap is slowly closing over time. The truth is that MacOS malware is becoming bigger and more dangerous. Our recent findings are a perfect example and confirm this growing trend. With the increasing popularity of MacOS platforms, it makes sense for cyber criminals to show more interest in this domain, and I personally anticipate seeing more cyber threats following the Formbook malware family. I would think twice before opening up any attachments from emails I get from senders I don’t know.”

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.