For as low as $49 on the Darknet, hackers can buy licenses for the new malware, enabling capabilities to harvest log-in credentials, collect screenshots, log keystrokes, and execute malicious files.
Nearly 53 per cent of victims reside in the US, including both Mac and Windows users, while hackers in 69 countries have made requests for the evolved malware.
Victims are tricked into downloading the malware strain via spoofed emails containing malicious Microsoft Office documents, the researchers noted.
‘This malware is far more mature and sophisticated than its predecessors, supporting different operating systems, specifically MacOS computers. Historically, MacOS malware hasn’t been that common. They usually fall into the category of ‘spyware’, not causing too much damage,’ said Yaniv Balmas, Head of Cyber Research at Check Point Software.
While there might be a gap between Windows and MacOS malware, the gap is slowly closing over time.
‘The truth is that MacOS malware is becoming bigger and more dangerous. Our recent findings are a perfect example and confirm this growing trend,’ Balmad added.
XLoader’ is a derivative of the famous ‘Formbook’ malware family, which mainly targeted Windows users, but disappeared from being on sale in 2018.
Formbook rebranded to XLoader in 2020.
Over the past six months, CPR studied XLoader’s activities, learning that XLoader is prolific, targeting not just Windows, but to CPR’s surprise, Mac users as well.
To avoid infection, the researchers advise both Mac and Windows users not to open suspicious attachments, avoid visiting suspicious websites and use third-party protection software to help identify and prevent malicious behaviour on their computers.