Malware developers often rebrand their projects to attract new customers, or to signal that an 'improved' version with new features is available. The authors of the infamous FormBook malware appear to be using this exact strategy: they seem to have rebranded their malware as XLoader. However, the new XLoader Infostealer has one major advantage over its predecessor – it can infect Macs. This is a game-changer in the world of cyber-security, since it means that any crook with $49 to spare can start attacking an operating system whose users often neglect cyber-security. It is important to note that this threat is different from the older XLoader, which went after Android and iOS devices.
XLoader is Under the Spotlight Because of Its Low Entry Price
Currently, XLoader appears to be the main talking point of underground hacking forums and, unfortunately, its creators appear to be enjoying major success. The low price tag of this malware-as-a-service project turns it into an excellent choice for any cybercriminal to use, regardless of their experience. There is no programming involved – all that customers need to do is spread the payload, which the seller prepares. The data is collected and dumped to a remote server, where the buyer can view it after supplying their login credentials.
53% of XLoader's Victims are in the United States
Another concerning fact about this campaign is that the majority of active XLoader instances are located in the United States – about 53% of victims have US-based IP addresses. Since any cybercriminal can get their hands on this piece of malware, it is safe to assume that every possible attack vector will be used to spread it. We advise our readers to stay cautious and:
- Avoid downloading files from unknown sources.
- Limit visits to torrent trackers.
- Never download pirated media, software or games.
- Avoid interacting with random, unknown online advertisements.
- Be wary of emails urging you to view an attachment – email spoofing is a popular way to distribute malware.
- Last but not least, keep your Mac device protected by an up-to-date anti-virus tool.
If the XLoader Infostealer executes its attack successfully, it can collect data from Web browsers and email clients. Just like its predecessor, it also packs a keylogger module, as well as the ability to grab screenshots of the desktop. Do not overestimate the security of your Mac – using an anti-virus application is a must. Cybercriminals are focusing more and more on Apple's operating system, since Macs are rapidly increasing in popularity.