XLoader, a very effective and popular malware for Windows OS, has now evolved to target Apple macOS. It is now a powerful botnet that steals passwords from all major web browsers and even some email clients.
Creators or XLoader now claim the malware is just as effective on Apple macOS, as it is on Windows PCs. The malware writers are now renting the same as a botnet loader service to interested buyers on a monthly subscription.
Web browsers and Email Clients on Windows OS and macOS now targeted by XLoader creators:
XLoader is currently on sale on the Dark Web. The creators are even advertising the capabilities of the botnet loader service.
According to the promotional post for XLoader, it can “recover” passwords from web browsers and some email clients. Web browsers such as Google Chrome, Mozilla Firefox, Opera, Microsoft Edge, and even the older IE are susceptible, claims the post.
A particularly powerful malware tool called #XLoader has been ported to the #Mac, and users can be tricked into giving it access to passwords, clipboard, and allowing it to take screenshots. https://t.co/exWDOglmEv pic.twitter.com/46WHJWvJzP
— AppleInsider (@appleinsider) July 21, 2021
Moving over to the Email clients that XLoader can target, names such as MS Outlook, Mozilla Thunderbird, and Foxmail pop up.
While Ransomware as a service is on the rise, the creators of XLoader are offering the platform on rent. Interested parties can rent the macOS malware version for $49 per month.
XLoader, the loader making the news, is advertised on HackForums. In 2011 it appears they attempted to advertise on XSS and OpenSC using a Russian-to-English translator.
They're native English speakers operating out of NATO territory. Don't piss and shit where you sleep. pic.twitter.com/HtrzSsUBwj
— vx-underground (@vxunderground) July 21, 2021
The Windows version demands $59 for a one-month license, and $129 gives three months access. Subscribers will also receive access to a server that the seller provides.
Recent ransomware attacks have revealed how malware users are aggressively going after anything susceptible. Learning from the same, XLoader creators are controlling access using this model. In other words, a centralized command and control infrastructure gives the authors control over how clients use the malware.
XLoader, un malware en location très populaire, est désormais compatible avec macOS https://t.co/al2VlRMgLS
— MacGeneration (@MacGeneration) July 21, 2021
XLoader creators are also offering a Java binder for free. This allows customers to create a standalone JAR file with the Mach-O and EXE binaries common in macOS and Windows.
How does the XLoader malware for macOS and Windows OS work?
XLoader reportedly originated from Formbook info-stealer for Windows. Needless to mention, its creators have significantly tweaked the malware.
The malware creators claim XLoader is a capable cross-platform botnet with no dependencies. It can work just as efficiently and effectively on macOS as it does on a Windows PC.
— The Hacker News (@TheHackersNews) July 21, 2021
It seems Formbook’s developers have worked on the XLoader malware. Both the services have very similar targets and methods. They both steal login credentials, capture screenshots, log keystrokes, and execute malicious files.
Xloader is now increasingly popular as the majority of hard work is already done. Reports indicate potential customers from about 69 countries have shown their interest. However, the most number of victims are from the U.S.