Security researchers warn that the Windows Trojan known as XLoader is now also being offered for macOS in underground forums. XLoader was created from the five-year-old Windows Trojan Formbook. In addition to the Windows executable, there is now an executable version for macOS and a tool called XBinder that packs both executables in a Java archive.
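The dual-payload archive described above is a useful detection angle for defenders: a Java archive that legitimately carries `.class` files has no reason to also contain a Windows PE and a macOS Mach-O image. The following is an added example, not code from the article or from Check Point, that inspects the members of a `.jar`/`.zip` by file signature and flags archives carrying both executable formats. The magic-number checks follow the public PE and Mach-O format layouts; the `nfat_arch < 20` threshold used to tell a Mach-O universal binary from a Java class file (both start with `CA FE BA BE`) is an assumed heuristic, and the sample archive is constructed in memory for the demonstration.

```python
import io
import struct
import zipfile
from typing import Dict, Optional

# Header bytes read per member; e_lfanew in real PE files normally sits well under this.
HEADER_BYTES = 4096

# Mach-O thin-image magics (32/64-bit, big and little endian), per the Mach-O spec.
MACHO_THIN_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
}
# Universal ("fat") binary magics; the first one is shared with Java class files.
FAT_MAGICS = {b"\xca\xfe\xba\xbe", b"\xca\xfe\xba\xbf"}


def classify_blob(data: bytes) -> Optional[str]:
    """Return 'pe', 'macho', 'macho-fat', 'java-class', or None if the header is not recognised."""
    if len(data) < 8:
        return None
    head = data[:4]
    if head in MACHO_THIN_MAGICS:
        return "macho"
    if head in FAT_MAGICS:
        # A fat header is followed by nfat_arch (big-endian), a small count of slices.
        # A class file is followed by minor_version/major_version, and major >= 45,
        # so read as one big-endian integer the value is far larger. Assumed cut-off: 20.
        nfat_arch = struct.unpack(">I", data[4:8])[0]
        return "macho-fat" if nfat_arch < 20 else "java-class"
    if head[:2] == b"MZ" and len(data) >= 0x40:
        # DOS stub: e_lfanew at offset 0x3c points to the "PE\0\0" signature.
        e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
        if e_lfanew + 4 <= len(data) and data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
            return "pe"
    return None


def scan_archive(blob: bytes, max_member_bytes: int = 50 * 1024 * 1024) -> Dict[str, str]:
    """Map each archive member whose header looks like a native executable or class file to its type."""
    found: Dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > max_member_bytes:
                continue
            with zf.open(info) as fh:
                kind = classify_blob(fh.read(HEADER_BYTES))
            if kind:
                found[info.filename] = kind
    return found


def is_cross_platform_dropper(found: Dict[str, str]) -> bool:
    """Flag archives that carry both a Windows PE and a macOS Mach-O payload."""
    kinds = set(found.values())
    return "pe" in kinds and bool(kinds & {"macho", "macho-fat"})


def build_sample_jar() -> bytes:
    """Constructed test archive: a fake PE, a fake Mach-O, and an ordinary Java 8 class stub."""
    pe = bytearray(0x100)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)          # e_lfanew -> 0x80
    pe[0x80:0x84] = b"PE\x00\x00"
    macho = b"\xcf\xfa\xed\xfe" + b"\x00" * 60        # 64-bit little-endian Mach-O magic
    java_class = b"\xca\xfe\xba\xbe" + struct.pack(">HH", 0, 52) + b"\x00" * 16
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        zf.writestr("Loader.class", java_class)
        zf.writestr("payload/win.dat", bytes(pe))
        zf.writestr("payload/mac.dat", macho)
    return buf.getvalue()


if __name__ == "__main__":
    report = scan_archive(build_sample_jar())
    print(report)
    print("cross-platform dropper:", is_cross_platform_dropper(report))
```

The check works on content rather than file extensions, since a dropper is free to store its payloads under innocuous names; in a mail gateway or sandbox pipeline the same scan can be applied to any nested archive, with the size cap guarding against decompression bombs.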
The Formbook malware was known for stealing login credentials from various browsers, uploading and downloading files, taking screenshots, and recording keystrokes. Check Point's security research team considers the successor XLoader even more mature.
Botnet as a subscription
Attackers rent the infrastructure for controlling the botnet as malware-as-a-service for $49 a month. All they have to do is concentrate on spreading the Trojan, which is why it is popular with cybercriminals with little technical knowledge.
Formbook ranked fourth in AnyRun's malicious code trends last year, behind Emotet. Among other things, criminals used Formbook in a malicious code campaign purporting to come from the World Health Organization (WHO). At that time the Trojan was hidden in a zip archive called "My Health Ebook".
Fake invoice via email
The successor often arrives in the e-mail inbox as an invoice, sometimes as an Excel macro or a zip archive. As soon as the code is executed, XLoader connects to a command-and-control server (C&C server). With an old version of Office, merely opening the document is enough to activate the Trojan via the CVE-2017-11882 vulnerability.
Newer Microsoft Office versions are no longer susceptible to the Outlook security hole used in 2017. Invoices that cannot be matched to a known transaction should not be opened at all, and applications should only be downloaded from reputable sources. In case of doubt, it is better to forgo the download entirely.