Malware For Macs Is Getting Bigger, More Dangerous And It’s Dirt Cheap

Photo: Justin Sullivan, Getty Images

A disturbing element of modern cybercrime is just how easy it is to procure powerful and invasive tools — the kind that can wreak total havoc on an unsuspecting victim’s computer.

Today, the malware economy resembles a subscription model, allowing developers to license their nefarious products to any paying dark web customer. In most cases, these customers don’t even need to have much expertise, as most of the tools’ features are automated.

A perfect example comes from researchers with security firm Check Point, who recently spotted just such a product circulating the web: it’s a cheap, accessible program called “XLoader,” which can be used to hack into and steal information from both Windows and macOS devices.

In a report published Wednesday, Check Point shows how XLoader is being sold for as low as $US49 ($67) on a popular dark web forum. There, criminals can “license” it from a developer to carry out attacks. Buyers only have access to the malware for a limited time, however, and must conduct attacks from a server controlled by the seller: for instance, it costs $US99 ($135) for a three-month subscription to XLoader customised to infiltrate macOS devices. The Windows version, meanwhile, is more expensive, coming in at $US129 ($176) for a three-month subscription.

The malware, which is an outgrowth of an earlier, popular malware called “Formbook,” has been deployed in countries all over the world, with a majority of victims residing in the U.S., researchers say.

As you can see from an older image of Formbook’s fee structure, gaining access to these kinds of stealthy hacking weapons isn’t that much different than signing up for a monthly subscription to Amazon Prime:

Screenshot: Check Point Research

Much like its predecessor, XLoader has all sorts of invasive potential, allowing an intruder to log your keystrokes, harvest login credentials, collect screenshots off your desktop, and also download and deploy other kinds of malicious files onto the target device. Other features include network traffic sniffing and clipboard monitoring. XLoader’s credential harvesting feature works for “almost one hundred applications including browsers, messengers, FTP and email clients,” researchers write.

Most often, the malware is spread via typical phishing schemes that use spoofed emails. Those emails come equipped with malware-loaded Microsoft Office documents which, if downloaded, will inject the program into your computer.

“I think there is a common incorrect belief with macOS users that Apple platforms are more secure than other more widely used platforms,” said Yaniv Balmas, head of cyber research for Check Point. “While there might be a gap between Windows and macOS malware, the gap is slowly closing over time. The truth is that macOS malware is becoming bigger and more dangerous. Our recent findings are a perfect example and confirm this growing trend.”

While it’s not particularly fun to imagine what kind of creeps would want to use XLoader, Check Point provides a few basic recommendations for steering clear of this mess: don’t go poking around on unprotected websites, monitor for weird behaviour from your device, and, as always, send that suspicious email from an unknown sender straight to the trash receptacle. The company also recommends running an Autorun function on your device to search for suspicious-sounding file names in the LaunchAgents folder, a place where there could be visible traces of potential compromise.
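The LaunchAgents check recommended above can be scripted instead of done by eye. The following is an added example, not code from Check Point or the original article: it parses each LaunchAgent definition and lists the ones worth a manual look. The heuristics (hidden directories, temp paths, inline shell commands), the function names and the sample entry are assumptions chosen for illustration, not XLoader indicators.

```python
import plistlib
from pathlib import Path

# Generic triage heuristics chosen for this example; they are not XLoader indicators.
TEMP_ROOTS = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
SHELLS = {"sh", "bash", "zsh"}
# Constructed sample definition (hypothetical label and path).
SAMPLE_AGENT = {"Label": "com.example.helper", "RunAtLoad": True,
                "ProgramArguments": ["/Users/alice/.cache_helper/helper"]}

def agent_argv(plist):
    """Return the command line a LaunchAgent starts (Program replaces argv[0])."""
    raw = plist.get("ProgramArguments")
    args = [a for a in raw if isinstance(a, str)] if isinstance(raw, list) else []
    program = plist.get("Program")
    return [program] + args[1:] if isinstance(program, str) else args

def review_agent(plist):
    """Return the reasons a LaunchAgent definition deserves a manual look."""
    argv = agent_argv(plist)
    if not argv:
        return ["no Program or ProgramArguments"]
    exe, reasons = argv[0], []
    if any(part.startswith(".") for part in Path(exe).parts):
        reasons.append("executable under a hidden directory: " + exe)
    if exe.startswith(TEMP_ROOTS):
        reasons.append("executable in a temp or shared directory: " + exe)
    if Path(exe).name in SHELLS and "-c" in argv[1:]:
        reasons.append("shell running an inline command")
    return reasons

def scan_launch_agents(folder):
    """Map each flagged or unreadable .plist file name in `folder` to its reasons."""
    findings = {}
    for path in sorted(Path(folder).glob("*.plist")):
        try:
            plist = plistlib.loads(path.read_bytes())  # XML and binary plists
        except Exception as exc:  # malformed or unreadable file
            findings[path.name] = ["unreadable plist: " + type(exc).__name__]
            continue
        reasons = review_agent(plist) if isinstance(plist, dict) else ["root is not a dictionary"]
        if reasons:
            findings[path.name] = reasons
    return findings

if __name__ == "__main__":
    print("sample:", review_agent(SAMPLE_AGENT))
    for name, why in scan_launch_agents(Path.home() / "Library/LaunchAgents").items():
        print(name, "->", "; ".join(why))
```

A flagged entry is a prompt to inspect the file it points to, since legitimate tools also install agents that match these patterns.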