Check Point researchers warn of a new variant of the malware XLoader. The website reports this as a result of its own research. What's new is that the Mac can be affected by the malware, but only after you open a malicious file as a user.
XLoader malware monitors your screen, keyboard and more
Once installed, XLoader can do quite a bit of damage to your privacy without you even realizing it. For example, the software can take screenshots unnoticed, read what you type and steal other private data. Malicious persons can rent the software for $49 per month. The bad thing about XLoader is its invisibility. The software is unobtrusive and difficult for researchers to trace.
XLoader's advertisement on a forum. Source: Check Point
XLoader is a variant of the malware Formbook and used to be only harmful to Windows. The new variant is also effective on the Mac. It is installed when a user downloads an infected document via e-mail, for example. The advice is therefore never to open files of unknowns just like that. Even if you seem to know the recipient, but don't expect the file, don't open it indiscriminately.
The Mac has recently become a victim of malicious software. In 2019, more malware was found for Mac than Windows. Malware has also been discovered on M1 Macs. According to Yaniv Balmas of Check Point, this is mainly a choice of the criminals. As the Mac becomes more popular, stealing data is also more rewarding as a hacker, the researcher says. “A bigger problem,” states Balmas, “is that many Mac users believe they are safe and free from malware.” He says the technical bar is not high to produce malware for Macs.
Recently Craig Federighi also claimed that the Mac has an ‘unacceptable malware problem’.
How to protect yourself against XLoader
Fortunately, the researchers at Check Point offer a solution for infected Macs. However, once your data has been stolen, you cannot undo it. Mac users are advised to take the following steps:
- Open Finder.
- In the menu bar, click Go and select Go to Folder.
- Enter the following path: /Users/your username/Library/LaunchAgents
- Delete files with filenames like: com.wznlVRt83Jsd.HPyT0b4Hwxh.plist
- Empty your Mac's Trash .
The filename we mention here is just an example. All files with a similar name with arbitrary characters should be regarded as suspicious. Make sure the list only contains files you trust. Users of a Mac with Apple Silicon should also be careful, because Apple Silicon malware is already on the planet.
Check Point also points out the standard rules to prevent phishing, as described earlier in this article. See more information about phishing on the police website.