A very popular piece of malware that "steals" information from Windows systems has been modified into a new strain named "XLoader", which can also target macOS systems.
XLoader is currently offered on an underground forum as a botnet loader service that can "recover" passwords from web browsers and some email clients (Chrome, Firefox, Opera, Edge, IE, Outlook, Thunderbird, Foxmail).
Derived from the Formbook info-stealer for Windows, XLoader appeared last February and became popular while advertised as a cross-platform botnet (Windows and macOS) without dependencies.
The connection between the two malware strains was confirmed after a community member found that XLoader had the same executable as Formbook.
The advertiser explained that the developer of Formbook contributed a lot to the creation of XLoader and that the two pieces of malware work in a similar way (steal login credentials, take screenshots, record keystrokes, and execute malicious files).
Customers can rent the macOS version of the malware for $49 (one month) and gain access to a server provided by the seller. By maintaining a central command and control infrastructure, the authors can control how clients use the malware.
The Windows version is more expensive, as the seller asks $59 for one month and $129 for three months.
As mentioned in the ad, the creators of XLoader also provide a free Java binder, which allows clients to create a standalone JAR file with the Mach-O and EXE binaries used by macOS and Windows.
Tracking 6 months of XLoader activity up to 1 June, malware researchers at Check Point saw requests from 69 countries, which indicates a significant spread all over the world, with more than half of the victims in the US. Although Formbook is no longer advertised in underground forums, it is still a dominant threat. It was part of at least 1,000 malware campaigns in the last three years and, according to AnyRun malware trends, the info-stealer is in fourth place over the last 12 months, after Emotet.
XLoader is probably more widespread, as it targets the two most popular operating systems used by consumers.
Check Point researchers report that XLoader is "hidden" well enough to make it difficult for a user without technical skills to locate it.
Yaniv Balmas, head of cyber research at Check Point, said XLoader is "much more mature and sophisticated than its predecessors". The researcher also pointed out that the growing popularity of macOS has exposed it to unwanted attention from cybercriminals, who now see the operating system as an attractive target.
Source of information: bleepingcomputer.com