XLoader malware migrates from Windows machines to Macs


As 9to5Mac notes, security researchers at Check Point report that XLoader malware has now migrated from Windows machines to attack Macs, too.

Here’s their report:

Check Point Research (CPR) sees a new strain of malware that has evolved to steal the information of macOS users. Named “XLoader”, the new strain is a derivative of the famous “Formbook” malware family, which mainly targeted Windows users but disappeared from sale in 2018. Formbook rebranded to XLoader in 2020. Over the past six months, CPR studied XLoader’s activities, learning that XLoader is prolific, targeting not just Windows but, to CPR’s surprise, Mac users as well.

Hackers can buy XLoader licenses on the Darknet for as low as $49, equipping them with capabilities to harvest log-in credentials, collect screenshots, log keystrokes, and execute malicious files. Victims are tricked into downloading XLoader via spoofed emails that contain malicious Microsoft Office documents.

This is a potential threat to all Mac users. In 2018, Apple estimated that over 100M Macs were in use.

CPR tracked XLoader activity between December 1, 2020 and June 1, 2021. CPR saw XLoader requests from as many as 69 countries. Over half (53%) of the victims reside in the United States.

However, as 9to5Mac notes, the good news is that it does require user action to trigger it. Attackers typically send an email that contains the malware embedded into Microsoft Office documents.
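Because the delivery vector described above is an Office attachment that the recipient has to open, a useful defensive step is to triage attachments before anyone opens them. The script below is an added example written for this page; it is not code from Check Point, 9to5Mac, or the article, and it assumes (the article does not say so) that the malicious documents carry a VBA macro project, which in the modern OOXML format always lives in a `vbaProject.bin` part inside the zip container. The sample documents it inspects are constructed in memory and contain no real macro code.

```python
import io
import zipfile

# Magic bytes of the legacy binary Office format (Compound File Binary).
# Files in that format need an OLE parser (e.g. oletools' olevba), not a zip reader.
CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def build_sample_document(with_macros: bool) -> bytes:
    """Construct a minimal OOXML package for testing (not a real document).

    A genuine .docm carries many more parts, but the macro container is
    always a vbaProject.bin entry, which is what the triage check keys on.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macros:
            # Placeholder bytes only; a real vbaProject.bin is itself a CFB container.
            zf.writestr("word/vbaProject.bin", b"constructed placeholder, no macro code")
    return buf.getvalue()


def triage_office_attachment(data: bytes) -> dict:
    """Return a small triage verdict for an Office attachment held in memory.

    has_vba is True/False for OOXML files and None when the file is not an
    OOXML zip (legacy CFB or something else) and needs a different parser.
    """
    if data.startswith(CFB_MAGIC):
        return {"format": "legacy-cfb", "has_vba": None, "flagged_parts": []}
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {"format": "unknown", "has_vba": None, "flagged_parts": []}

    names = zf.namelist()
    # Macro project: word/, xl/ or ppt/ vbaProject.bin.
    vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
    # Embedded OLE objects are another common carrier for droppers.
    embedded = [n for n in names if "/embeddings/" in n.lower() and n.lower().endswith(".bin")]
    return {
        "format": "ooxml",
        "has_vba": bool(vba_parts),
        "flagged_parts": vba_parts + embedded,
    }


if __name__ == "__main__":
    for label, doc in (("clean", build_sample_document(False)),
                       ("macro", build_sample_document(True))):
        print(label, triage_office_attachment(doc))
```

The verdict is deliberately coarse: a present `vbaProject.bin` does not prove malice, and its absence does not prove safety (legacy `.doc`/`.xls` files and external-template tricks are outside this check). It is meant as a first filter for a mail gateway or a helpdesk queue, so that attachments with macro or embedded-object parts are sandboxed or held for review rather than opened directly.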

Dennis Sellers
Dennis Sellers is the editor/publisher of Apple World Today. He’s been an “Apple journalist” since 1995 (starting with the first big Apple news site, MacCentral). He loves to read, run, play sports, and watch movies.