Carding
The updated malware uses a clever trick to evade detection.
The infostealer XLoader, active since 2015, first turned up on macOS in 2021 as a Java program, then dropped off the radar for a long time.
According to a recent SentinelOne report, the malware is back with new features. The researchers note that the new version is self-contained, written in C and Objective-C, and signed with a genuine Apple developer signature.
"The new version of XLoader is bundled inside a standard Apple disk image named OfficeNote.dmg," write SentinelOne researchers Dinesh Devadoss and Phil Stokes.
Disguising it as an office app suggests the attackers are targeting users who work a lot with documents, presumably to get hold of whatever confidential information they can.
Once launched, the fake OfficeNote app shows a decoy error message while silently dropping its payload and installing a persistence mechanism, the researchers explain.
The new iteration keeps XLoader's infostealing capabilities: it harvests the victim's clipboard contents and data from the Chrome and Firefox browsers. It also tries to evade detection with decoy network connections and anti-analysis measures.
"macOS allows applications downloaded from the Internet to run if they are signed by an Apple developer," explains Duncan Miller, director of endpoint security at Tanium. "This highlights the importance of monitoring the signatures of applications running in the environment and regularly checking the signatures used."
SentinelOne found the new XLoader variant being widely advertised on cybercrime forums. The stealer is offered for rent at unusually high prices: $199 per month or $299 for three months, which is expensive for this kind of malware.
"The evolution of the XLoader distribution mechanism from Java-dependent to native macOS is a clear indication of the ever-changing cybersecurity threat landscape," warned Callie Guenter, senior manager of cyber threat research at Critical Start.
"Hackers' commitment to continuously developing their tools and methodologies serves as a powerful reminder that in the world of cybersecurity, overconfidence is unacceptable, and the pursuit of reliable protection is an ongoing challenge," Guenter added.
Experts advise macOS users to stay vigilant and stress the urgency of deploying reliable third-party security solutions to counter such threats.
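The Tanium advice above, monitoring the signatures of what is actually running, is easy to turn into a script. The following Python is an added example, not code from the article or from SentinelOne's report. It parses the output of `codesign -dv --verbose=4` (which Apple's codesign writes to stderr), classifies each executable as Apple-signed, Developer ID-signed, ad-hoc or unsigned, and flags everything that is neither Apple-signed nor signed by a Team ID on an allow-list. The four sample reports, the bundle identifiers, paths, "Example Corp" and the Team ID ABCDE12345 are all constructed for illustration; the live scan of running processes only works on macOS.

```python
"""Inventory code signatures of running macOS processes and flag the ones
that are not Apple-signed or not on an allow-list of Developer ID Team IDs."""
import platform
import re
import subprocess
from typing import Dict, Iterable, List, Optional

# --- Constructed samples of `codesign -dv --verbose=4` output (stderr). ---
# Hand-written for illustration: the paths, identifiers, company name and
# Team ID are made up and do not describe any real binary.

SAMPLE_APPLE = """Executable=/bin/ls
Identifier=com.apple.ls
Format=Mach-O universal (x86_64 arm64e)
CodeDirectory v=20400 size=580 flags=0x0(none) hashes=13+2 location=embedded
Platform identifier=14
Signature size=4442
Authority=Software Signing
Authority=Apple Code Signing Certification Authority
Authority=Apple Root CA
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=1 size=60
"""

SAMPLE_DEVELOPER_ID = """Executable=/Applications/ExampleNotes.app/Contents/MacOS/ExampleNotes
Identifier=com.example.examplenotes
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=1200 flags=0x10000(runtime) hashes=30+7 location=embedded
Signature size=8988
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Jul 17, 2023 at 10:00:00 AM
Info.plist entries=22
TeamIdentifier=ABCDE12345
Runtime Version=13.3.0
Sealed Resources version=2 rules=13 files=5
Internal requirements count=1 size=200
"""

SAMPLE_ADHOC = """Executable=/Users/alice/Downloads/tool
Identifier=tool-55554944
Format=Mach-O thin (arm64)
CodeDirectory v=20400 size=400 flags=0x2(adhoc) hashes=9+2 location=embedded
Signature=adhoc
Info.plist=not bound
TeamIdentifier=not set
Sealed Resources=none
Internal requirements count=0 size=12
"""

# codesign exits non-zero and prints this one line for an unsigned binary.
SAMPLE_UNSIGNED = "/Users/alice/Downloads/legacy: code object is not signed at all\n"


def classify(codesign_output: str) -> Dict[str, Optional[str]]:
    """Reduce one codesign report to executable path, signature kind and Team ID.

    kind is 'apple' (platform or App Store signed), 'developer-id' (third-party
    Developer ID certificate), 'adhoc', 'unsigned' or 'other'.
    """
    out = codesign_output
    exe_match = re.search(r"^Executable=(.+)$", out, re.M)
    if exe_match:
        executable = exe_match.group(1).strip()
    else:
        # Unsigned reports look like "<path>: code object is not signed at all".
        executable = out.split(":", 1)[0].strip()
    authorities = re.findall(r"^Authority=(.+)$", out, re.M)
    leaf = authorities[0].strip() if authorities else None  # first Authority= is the leaf cert
    team_match = re.search(r"^TeamIdentifier=(.+)$", out, re.M)
    team_id = team_match.group(1).strip() if team_match else None
    if team_id == "not set":
        team_id = None

    if "code object is not signed at all" in out:
        kind = "unsigned"
    elif re.search(r"^Signature=adhoc$", out, re.M):
        kind = "adhoc"  # no certificate chain at all, just a CodeDirectory hash
    elif leaf in ("Software Signing", "Apple Mac OS Application Signing"):
        kind = "apple"
    elif leaf and leaf.startswith("Developer ID Application:"):
        kind = "developer-id"
    else:
        kind = "other"
    return {"executable": executable, "kind": kind, "team_id": team_id, "leaf": leaf}


def audit(reports: Iterable[str], allowed_team_ids: Iterable[str]) -> List[Dict[str, Optional[str]]]:
    """Return the reports a human should look at: everything that is not
    Apple-signed and not signed by an allow-listed Team ID. A valid Developer
    ID signature alone is deliberately NOT treated as trusted."""
    allowed = set(allowed_team_ids)
    flagged = []
    for report in reports:
        info = classify(report)
        if info["kind"] == "apple":
            continue
        if info["kind"] == "developer-id" and info["team_id"] in allowed:
            continue
        flagged.append(info)
    return flagged


def codesign_report(path: str) -> str:
    """Run Apple's codesign on one executable; the report goes to stderr."""
    proc = subprocess.run(["codesign", "-dv", "--verbose=4", path],
                          capture_output=True, text=True)
    return proc.stderr


def running_executables() -> List[str]:
    """Full paths of the executables behind running processes (macOS ps)."""
    out = subprocess.run(["ps", "-axo", "comm="], capture_output=True, text=True).stdout
    return sorted({line.strip() for line in out.splitlines() if line.startswith("/")})


if __name__ == "__main__":
    ALLOWED_TEAM_IDS = {"ABCDE12345"}  # constructed: your organisation's approved Team IDs
    if platform.system() == "Darwin":
        reports = [codesign_report(p) for p in running_executables()]
    else:
        reports = [SAMPLE_APPLE, SAMPLE_DEVELOPER_ID, SAMPLE_ADHOC, SAMPLE_UNSIGNED]
    for info in audit(reports, ALLOWED_TEAM_IDS):
        print(f"{info['kind']:<12} team={info['team_id'] or '-':<11} {info['executable']}")
```

The design choice worth noting is in `audit`: a Developer ID signature is only accepted when its Team ID is on the allow-list, because, as this very sample shows, a genuine Apple developer signature is no guarantee the binary is benign. To also see what Gatekeeper thinks of a downloaded app, run `spctl --assess --type execute --verbose` against the .app bundle before opening it.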
