XLoader malware attacks Mac users, collects login information, takes screenshots
Security researchers at Check Point Research (CPR) have just warned about the extremely dangerous XLoader malware, which is attacking both Windows and Mac users.
According to CPR, XLoader is a new strain of the well-known Formbook malware, which mainly targeted Windows users. As of 2018, however, Formbook was no longer offered for sale by its author on the dark web.
In 2020, Formbook returned under a new name, XLoader. Over the past 6 months, XLoader has been rampant and is no longer targeting only Windows. It caught CPR by surprise when it hit Mac users as well.
Another notable point is that XLoader is sold on the darknet for as little as 49 USD. Hackers who own XLoader can deploy it to collect logins, capture screenshots, log keystrokes, and run other malicious files.
Victims are tricked into downloading XLoader through fake emails that include Microsoft Office documents containing malicious code.
CPR noted that Mac owners are often complacent, believing that macOS is more secure than Windows and therefore difficult to infect with malicious code. However, more and more malware now targets macOS, and the danger is increasing.
macOS is becoming more and more popular, so cybercriminals are increasingly interested in the platform. After XLoader, there will be other malware targeting Mac users.
To check if your Mac is infected with XLoader, you can follow these steps:
- Open the directory: /Users/[username]/Library/LaunchAgents
- Check for files with suspicious names in this directory, for example a file with a random name like this: /Users/user/Library/LaunchAgents/com.wznlVRt83Jsd.HPyT0b4Hwxh.plist
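The manual check above can be scripted. The following is an added example, not code from CPR or from the original article: it lists LaunchAgents plists whose names contain a random-looking component and shows the program each one would launch. The "random-looking" rule and the sample program paths are assumptions made for illustration; a match is only a lead for manual review, not a confirmed infection.

```python
import plistlib
import re
import tempfile
from pathlib import Path

def looks_random(part):
    """Heuristic (an assumption, not a CPR signature): an alphanumeric name
    component of 8+ characters mixing lowercase, uppercase and digits,
    such as 'wznlVRt83Jsd' in the article's example file name."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]")
    return (len(part) >= 8 and part.isalnum()
            and all(re.search(c, part) for c in classes))

def scan_launch_agents(directory):
    """Return (file name, launched program) for each suspicious-looking plist."""
    findings = []
    for path in sorted(Path(directory).glob("*.plist")):
        if not any(looks_random(p) for p in path.stem.split(".")):
            continue
        try:
            with path.open("rb") as fh:
                job = plistlib.load(fh)
        except Exception:  # unreadable or malformed plist: still report the name
            job = {}
        if not isinstance(job, dict):
            job = {}
        args = job.get("ProgramArguments") or [job.get("Program", "unknown")]
        findings.append((path.name, args[0]))
    return findings

def demo():
    """Build a constructed sample directory and scan it (runs on any OS)."""
    samples = {  # program paths below are constructed placeholders
        "com.example.updater.plist": "/Applications/Example.app/Contents/MacOS/updater",
        "com.wznlVRt83Jsd.HPyT0b4Hwxh.plist": "/Users/user/.hidden/placeholder",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, program in samples.items():
            with open(Path(tmp) / name, "wb") as fh:
                plistlib.dump({"Label": name[:-6], "ProgramArguments": [program]}, fh)
        return scan_launch_agents(tmp)

if __name__ == "__main__":
    print("constructed sample:", demo())
    # On a Mac, this scans the current user's real LaunchAgents directory.
    for name, program in scan_launch_agents(Path.home() / "Library/LaunchAgents"):
        print(f"review: {name} -> {program}")
```

For any file it reports, check whether the launched program belongs to software you installed before removing anything.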
As with other malware, to reduce the risk of XLoader infection you should avoid visiting untrusted websites and be careful with attachments.