
MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,558
30,889


A common form of malware on Windows systems has been modified into a new strain called "XLoader" that can also target macOS (via Bleeping Computer).


Derived from the Formbook info-stealer for Windows, XLoader is a form of cross-platform malware advertised as a botnet with no dependencies. It is used to steal login credentials, capture screenshots, log keystrokes, and execute malicious files. The malware was discovered by security researchers at Check Point Software.

A server hosting the macOS version of XLoader is available to bad actors on the dark web for $49 per month. Check Point tracked XLoader for a six-month period, seeing requests from 69 countries, indicating significant use across the world. More than half of all victims were based in the United States.

Formbook continues to be a prevalent threat, being part of over 1,000 malware campaigns in the last three years, and XLoader is expected to have even wider use given its cross-platform capability and greater level of sophistication.

Head of Cyber Research at Check Point, Yaniv Balmas, said that macOS's growing popularity has exposed it to increasing attention from cybercriminals, who see the platform as a worthwhile target.
While there might be a gap between Windows and macOS malware, the gap is slowly closing over time. The truth is that macOS malware is becoming bigger and more dangerous.
According to Check Point, XLoader is stealthy enough for it to remain hidden to most users. It is possible to check for its presence by using macOS's Autorun to check the username in the OS and look into the LaunchAgents folder, where entries with suspicious filenames should be deleted.

Article Link: Common Windows Malware Can Now Infect Macs

ikir

macrumors 68020
Sep 26, 2007
2,134
2,289
macOS is much more secure, but users often don't have a clue. Macs can install software from outside the App Store and, like it or not, this is the main cause of malware diffusion. Cheap users want to download movies and software without paying = they get infected.
 

Sciomar

macrumors 6502a
Nov 8, 2017
559
1,737
No matter what, these Macs are protected. Let's be real here.
I know we should all know this, but for everyone in the room: Macs have always been able to get a virus. They were such a small subset of the computing world that the payoff wasn't huge. Things have changed with the more mainstream adoption of Macs, and now it's open season for the bad guys.
 

SamRyouji

macrumors 6502
Jun 1, 2016
321
1,113
Ohh let me call it out for you "LOCK MACOS DOWN, LOCK IT DOWN, NOW!", and allow MacAppStore installs only! :p
/s
Well...certainly Apple has been considering that since the launch of the Mac App Store up until this very day. Why they haven't done the lockdown is just because of the controversy it will create if they do just that.
 

Cubsfan

macrumors regular
Jun 19, 2007
116
146
Infection path would be good information.

Also, I generally find LittleSnitch to be a great defense against this kind of thing (as long as the virus doesn't disable it). It may still exist, but you can identify it by network access.
 

The Clark

macrumors 6502a
Dec 11, 2013
739
2,127
Canada
I'm not too worried to be honest.

I know that if the alcoholics at Windows can do a decent job securing their OS (windows defender) then MacOS will be fine too.

Mr. Dee

macrumors 603
Dec 4, 2003
5,990
12,831
Jamaica
I wish there could be a little bit more clarity on how to really check for this. Interesting how things have come full circle. I remember years ago reading Total Panther from Macworld, and guest columnist David Pogue was bragging about Mac OS X being a better choice than Windows and the upcoming 'Longhorn' because it's a smaller user base and hackers are not interested. It was so naive to think that hackers would ignore macOS because it's a smaller user base.

These changes to the security landscape will only force Apple's hand to potentially lock down macOS, iOS style. It wouldn't be a bad idea for the vast majority of users. Just have a special, easy-to-enable mode for power users who know what they are doing. But for grandma, Cindy and Todd, who just want email, Spotify and downloading apps from the App Store, it shouldn't be a big deal.
 

urgs

macrumors member
Jun 27, 2019
99
245
Infection path would be good information.

Also, I generally find LittleSnitch to be a great defense against this kind of thing (as long as the virus doesn't disable it). It may still exist, but you can identify it by network access.

Can somebody explain what this means?

Edit: found a LaunchAgents folder in the library. Don't understand what AutoRun is.

Found something at 9to5mac

1. Go to /Users/[username]/Library/LaunchAgents directory
2. Check for suspicious filenames in this directory (example below is a random name)

/Users/user/Library/LaunchAgents/com.wznlVRt83Jsd.HPyT0b4Hwxh.plist

if there is a file named like above, it's very likely you have been infected
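One way to automate the LaunchAgents check in the steps above, as an added example that is not from the thread, from Check Point or from 9to5mac. The "random-looking label" heuristic and the vendor-style sample filenames (other than the one quoted above) are assumptions; the script only reports candidates for manual inspection and deletes nothing.

```python
from pathlib import Path

# Constructed sample filenames: the random name quoted in the thread plus a
# few assumed vendor-style labels of the kind normally found in LaunchAgents.
SAMPLE_NAMES = [
    "com.wznlVRt83Jsd.HPyT0b4Hwxh.plist",
    "com.google.keystone.agent.plist",
    "com.adobe.AdobeCreativeCloud.plist",
    "com.apple.something.plist",
]

VOWELS = set("aeiouAEIOU")


def component_is_random(part: str) -> bool:
    """Heuristic (assumed): a label segment that mixes lower case, upper case
    and digits, or is a long run of letters with no vowels, looks machine
    generated rather than like a vendor or product name."""
    has_lower = any(c.islower() for c in part)
    has_upper = any(c.isupper() for c in part)
    has_digit = any(c.isdigit() for c in part)
    if has_lower and has_upper and has_digit:
        return True
    if len(part) >= 8 and part.isalpha() and not (set(part) & VOWELS):
        return True
    return False


def is_suspicious(filename: str) -> bool:
    """Split 'com.vendor.product.plist' into dot-separated segments and flag
    the file if any segment looks random."""
    if not filename.endswith(".plist"):
        return False
    parts = filename[: -len(".plist")].split(".")
    return any(component_is_random(p) for p in parts)


def scan_launch_agents(directory: Path) -> list[str]:
    """Return the sorted names of .plist files in the directory whose label
    looks random. A missing directory simply yields no findings."""
    if not directory.is_dir():
        return []
    return sorted(p.name for p in directory.glob("*.plist") if is_suspicious(p.name))


if __name__ == "__main__":
    agents = Path.home() / "Library" / "LaunchAgents"
    for name in scan_launch_agents(agents):
        print("suspicious label, inspect before removing:", agents / name)
```

A hit is only a prompt to open the plist and look at what program it launches; a legitimate tool can also use an odd label, so confirm before deleting anything.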
 