XLoader modified for macOS: Windows OS malware offered as botnet loader service that can “recover” passwords from web browsers

Xloader, now for macOS and Windows. Pic credit: Farm1/Flickr

XLoader, a very effective and popular malware for Windows OS, has now evolved to target Apple macOS. It is now a powerful botnet that steals passwords from all major web browsers and even some email clients.

The creators of XLoader now claim the malware is just as effective on Apple macOS as it is on Windows PCs. They are renting it out as a botnet loader service to interested buyers on a monthly subscription.

Web browsers and Email Clients on Windows OS and macOS now targeted by XLoader creators:

XLoader is currently on sale on the Dark Web. The creators are even advertising the capabilities of the botnet loader service.

According to the promotional post for XLoader, it can “recover” passwords from web browsers and some email clients. Web browsers such as Google Chrome, Mozilla Firefox, Opera, Microsoft Edge, and even the older IE are susceptible, claims the post.

As for the email clients XLoader can target, the post names MS Outlook, Mozilla Thunderbird, and Foxmail.

While ransomware-as-a-service is on the rise, the creators of XLoader are offering their platform for rent in the same way. Interested parties can rent the macOS version of the malware for $49 per month.

The Windows version demands $59 for a one-month license, and $129 gives three months access. Subscribers will also receive access to a server that the seller provides.

Recent ransomware attacks have shown how aggressively malware operators go after anything susceptible. Following that lead, XLoader's creators control access through this rental model: a centralized command-and-control infrastructure gives the authors control over how their customers use the malware.

XLoader's creators also offer a Java binder for free. It lets customers bundle the Mach-O and EXE binaries (the native executable formats of macOS and Windows, respectively) into a single standalone JAR file.
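A JAR is an ordinary ZIP archive, so a defender can check whether one carries native executables in the way the binder described above produces. The following added example is not code from the article or from the malware authors; it is a small scanner that looks for PE (MZ/PE) and Mach-O (thin and universal) magic bytes inside JAR entries. The sample JAR it builds is constructed in memory for demonstration and contains stub headers only, not real binaries.

```python
import io
import struct
import zipfile

# Thin Mach-O magics in both byte orders (as they appear at file offset 0).
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit (big-endian)",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (little-endian)",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit (big-endian)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
}


def classify(name, data):
    """Return a description if `data` looks like a native executable, else None."""
    # Windows PE: 'MZ' DOS stub, e_lfanew at 0x3C points to the 'PE\0\0' signature.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "PE executable (Windows)"
    if data[:4] in MACHO_MAGICS:
        return MACHO_MAGICS[data[:4]]
    # Universal (fat) Mach-O shares the 0xCAFEBABE magic with Java class files.
    # Heuristic: a fat header stores nfat_arch (a small count) in the second word,
    # while a class file stores minor/major version there (major >= 45).
    if data[:4] == b"\xca\xfe\xba\xbe" and len(data) >= 8:
        nfat_arch = struct.unpack_from(">I", data, 4)[0]
        if not name.endswith(".class") and 0 < nfat_arch < 20:
            return "Mach-O universal (fat) binary"
    return None


def scan_jar(jar_bytes):
    """Return [(entry_name, kind)] for every JAR entry that looks like a native binary."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(4096)  # headers live at the start; no need to read it all
            kind = classify(info.filename, head)
            if kind:
                findings.append((info.filename, kind))
    return findings


def build_sample_jar():
    """Constructed sample JAR: one real-looking class file plus three embedded stubs."""
    class_file = b"\xca\xfe\xba\xbe" + struct.pack(">HH", 0, 52) + b"\x00" * 16
    pe = bytearray(b"MZ" + b"\x00" * 0x3A)          # DOS header up to offset 0x3C
    pe += struct.pack("<I", 0x80)                    # e_lfanew -> 0x80
    pe += b"\x00" * (0x80 - len(pe))
    pe += b"PE\x00\x00" + b"\x00" * 20               # PE signature (constructed stub)
    macho = b"\xcf\xfa\xed\xfe" + b"\x00" * 28       # MH_MAGIC_64, little-endian
    fat = b"\xca\xfe\xba\xbe" + struct.pack(">I", 2) + b"\x00" * 40  # nfat_arch = 2
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("com/example/Main.class", class_file)
        zf.writestr("res/payload_win.dat", bytes(pe))
        zf.writestr("res/payload_mac.dat", macho)
        zf.writestr("res/payload_fat.dat", fat)
    return buf.getvalue()


if __name__ == "__main__":
    for entry, kind in scan_jar(build_sample_jar()):
        print(f"{entry}: {kind}")
```

Legitimate JARs do sometimes ship native libraries (JNI .dll/.dylib files), so a hit is a triage signal rather than a verdict; what makes it interesting here is an executable-format payload in a JAR that should not need native code, which is exactly the pattern the binder produces.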

How does the XLoader malware for macOS and Windows OS work?

XLoader reportedly originated from the Formbook info-stealer for Windows, though its creators have clearly reworked it significantly.

The malware creators claim XLoader is a capable cross-platform botnet with no dependencies. It can work just as efficiently and effectively on macOS as it does on a Windows PC.

It seems Formbook's developers have worked on XLoader as well. Both have very similar targets and methods: they steal login credentials, capture screenshots, log keystrokes, and execute additional malicious files.

XLoader is increasingly popular because most of the hard work has already been done for the buyer. Reports indicate potential customers from about 69 countries have shown interest, though the largest number of victims are in the U.S.
