A common form of Windows malware has evolved into a new strain called 'XLoader', which can also affect macOS (via Bleeping Computer).
Derived from Formbook (a malware that steals user information) for Windows, XLoader is a form of cross-platform malware advertised as a dependency-free botnet. It is used to steal login credentials, take screenshots, record keystrokes and execute malicious files. The malware was discovered by Check Point Software security researchers.
A server hosting the macOS version of XLoader is available on the dark web for $49 per month. Check Point monitored XLoader for a period of six months, receiving inquiries from 69 countries, indicating significant usage worldwide. More than half of all victims resided in the United States.
Formbook remains a prevalent threat, having been part of over 1,000 malware campaigns over the past three years, and XLoader is expected to see even more widespread use given its cross-platform capability and higher level of sophistication.
Yaniv Balmas, Check Point's Head of Cyber Investigation, said macOS's growing popularity has attracted growing attention from cybercriminals, who see the platform as a useful target.
While there may be a gap between Windows and macOS malware, the gap is slowly narrowing over time. The truth is, macOS malware is getting bigger and more dangerous.
According to Check Point, XLoader is stealthy enough to remain hidden from most users. You can check for its presence through the macOS autostart items: check your username in the operating system, then look in the LaunchAgents folder, where entries with suspicious file names should be removed.
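One way to carry out the LaunchAgents check described above, as an added example that is not from Check Point or the original article: a shell function that lists the entries in a user's LaunchAgents folder and flags file names containing a random-looking segment. `~/Library/LaunchAgents` is the standard per-user location on macOS; the function names and the "random-looking" rule (8 or more alphanumeric characters mixing lowercase, uppercase and digits) are assumptions of this example, so a flagged entry is a candidate for review, not a verdict.

```shell
#!/bin/sh
# Added example: flag LaunchAgents entries whose file names look random.

# looks_random SEGMENT: succeed when one dot-separated part of a file name
# is 8+ characters, purely alphanumeric, and mixes lower, upper and digits.
# This is a heuristic chosen for this example, not a vendor signature.
looks_random() {
    seg=$1
    [ "${#seg}" -ge 8 ] || return 1
    case $seg in *[![:alnum:]]*) return 1 ;; esac
    case $seg in *[[:lower:]]*) ;; *) return 1 ;; esac
    case $seg in *[[:upper:]]*) ;; *) return 1 ;; esac
    case $seg in *[[:digit:]]*) ;; *) return 1 ;; esac
    return 0
}

# flag_suspicious_agents DIR: print the path of every .plist in DIR whose
# name has at least one random-looking segment.
flag_suspicious_agents() {
    dir=$1
    for f in "$dir"/*.plist; do
        [ -e "$f" ] || continue          # empty or missing folder
        rest=$(basename "$f" .plist)
        while [ -n "$rest" ]; do
            seg=${rest%%.*}              # next dot-separated segment
            if looks_random "$seg"; then
                printf '%s\n' "$f"
                break
            fi
            case $rest in
                *.*) rest=${rest#*.} ;;
                *)   rest= ;;
            esac
        done
    done
}

# Default target: the current user's LaunchAgents folder.
flag_suspicious_agents "${1:-$HOME/Library/LaunchAgents}"
```

Before removing a flagged entry, `plutil -p <file>` on the Mac shows which program it launches, which helps separate a legitimate updater from an unknown binary.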