A disturbing element of modern cybercrime is just how easy it is to procure powerful and invasive tools—the kind that can wreak total havoc on an unsuspecting victim’s computer.
A perfect example comes from researchers with security firm Check Point, who recently spotted just such a product circulating the web: it’s a cheap, accessible program called “XLoader,” which can be used to hack into and steal information from both Windows and macOS devices.
Buyers only have access to the malware for a limited time, however, and must conduct attacks from a server controlled by the seller: for instance, it costs $99 for a three-month subscription to XLoader customized to infiltrate macOS devices.
The malware, which is an outgrowth of an earlier, popular malware called “Formbook,” has been deployed in countries all over the world, with a majority of victims residing in the U.S., researchers say.
Much like its predecessor, XLoader has all sorts of invasive potential, allowing an intruder to log your keystrokes, harvest login credentials, collect screenshots off your desktop, and also download and deploy other kinds of malicious files onto the target device.
XLoader’s credential harvesting feature works for “almost one hundred applications including browsers, messengers, FTP and email clients,” researchers write.
“I think there is a common incorrect belief with macOS users that Apple platforms are more secure than other more widely used platforms,” said Yaniv Balmas, head of cyber research for Check Point.
“Our recent findings are a perfect example and confirm this growing trend.”
While it’s not particularly fun to imagine what kind of creeps would want to use XLoader, Check Point provides a few basic recommendations for steering clear of this mess: don’t go poking around on unprotected websites, monitor for weird behavior from your device, and, as always, send that suspicious email from an unknown sender straight to the trash receptacle.
The company also recommends running an Autorun function on your device to search for suspicious-sounding file names in the LaunchAgents folder—a place where there could be visible traces of potential compromise.
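One way to carry out the LaunchAgents review described above, as an added example that is not from Check Point or the original article. The three heuristics (hidden directory, world-writable location, Label not matching the file name) and the sample plists are assumptions constructed for illustration, not XLoader indicators.

```python
import plistlib
import tempfile
from pathlib import Path

# Assumed heuristics, not from the article: locations a legitimate agent rarely runs from.
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/Users/Shared/")

def agent_target(plist):
    """Executable the agent starts: Program, else the first ProgramArguments item."""
    args = plist.get("ProgramArguments") or [""]
    return str(plist.get("Program") or args[0])

def review_launch_agents(folder):
    """Return [(file name, target, [reasons])] for plists that deserve a manual look."""
    findings = []
    for path in sorted(Path(folder).expanduser().glob("*.plist")):
        try:
            with path.open("rb") as fh:
                plist = plistlib.load(fh)
            target = agent_target(plist)
        except Exception:  # corrupt or non-dictionary plist
            findings.append((path.name, "", ["unparseable plist"]))
            continue
        reasons = []
        if any(p.startswith(".") for p in Path(target).parts):
            reasons.append("target under a hidden directory")
        if target.startswith(WRITABLE_PREFIXES):
            reasons.append("target in a world-writable location")
        if plist.get("Label") != path.stem:
            reasons.append("Label does not match file name")
        if reasons:
            findings.append((path.name, target, reasons))
    return findings

def demo():
    """Run the review over two constructed plists (sample data, not real indicators)."""
    samples = {
        "com.example.updater.plist": {"Label": "com.example.updater",
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]},
        "com.sample.agent.plist": {"Label": "com.other.name", "RunAtLoad": True,
            "ProgramArguments": ["/Users/alice/.cache_sample/helper"]},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            with open(Path(tmp) / name, "wb") as fh:
                plistlib.dump(body, fh)
        return review_launch_agents(tmp)

if __name__ == "__main__":
    for name, target, reasons in demo():
        print(f"{name}: {target} ({'; '.join(reasons)})")
```

On a Mac, call `review_launch_agents("~/Library/LaunchAgents")`; a flagged entry is a prompt for manual inspection, not proof of compromise.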
1 week, 1 day ago by Masoumeh Shafiei