Virulent Windows 'XLoader' malware is now on macOS


A particularly powerful malware tool called XLoader has been ported to the Mac, and users can be tricked into giving it access to passwords and the clipboard, and into allowing it to take screenshots.

Malware on Mac is still a small-scale threat compared to Windows, but it is growing, and there have even been Apple Silicon versions. Now the infamous XLoader malware for Windows has been detected on Macs.

"While there might be a gap between Windows and MacOS malware, the gap is slowly closing over time. The truth is that MacOS malware is becoming bigger and more dangerous," Yaniv Balmas of Check Point Security, which discovered the macOS version, told Bleeping Computer.

Check Point Security has previously discovered security issues ranging from Apple's Contacts app to Amazon's Alexa. It says now that, combining Windows and Mac, XLoader is the fourth most-used malware tool in the year up to June 1, 2021.

Originally known as Formbook, XLoader has changed over the past few years to become not only cross-platform, but also what Check Point calls "malware as a service." Bad actors can effectively rent the malware, starting at $49 for a month, so long as they also pay an unspecified further fee to use particular servers belonging to the company behind XLoader.

What that bad actor can get is access to a user's Mac. However, XLoader can't be added or run on a Mac without explicit permission from that user. So the malware is typically deployed alongside social manipulation designed to trick users into allowing XLoader to run.

"One of the most exciting things about the new malware [variant] was its ability to operate in the macOS," said Check Point Security in a report. "With approximately 200 million users operating macOS in 2018 (as reported by Apple), this is definitely a promising new market for the malware to enter."