How to Protect Yourself From the XLoader Malware

A keylogger originally known as FormBook for Windows has evolved into a new version known as XLoader. This new variant now targets Mac users: it dupes them in order to access passwords and the clipboard, and even records keystrokes and takes screenshots.

So, how dangerous is this XLoader variant, and are there ways to protect our machines from this malware?

What Is XLoader Malware?

XLoader originated as a part of FormBook, which is an information stealer for Windows. Labeled as a cross-platform botnet with no dependencies, XLoader has since taken macOS under its grip.

This malware is currently part of an underground offering as a botnet loader service and is used to recover passwords from web browsers as well as some email clients. The biggest problem with XLoader is that it is very lightweight and therefore often goes undetected on the infected device.


How Dangerous Is XLoader and Its Variant?

XLoader was primarily designed to exfiltrate data. This malware is essentially a keylogger that can record keystrokes, take screenshots, and obtain information stored inside the clipboard (copy/paste buffer). It is also capable of extracting usernames and passwords from most browsers, messengers, and email clients.

To make matters worse, the new variant of XLoader is now available as Malware-as-a-Service (MaaS), which means anyone can buy XLoader to steal information. At the time of writing, it costs around $49 to use it for macOS for one month.

Here are the main reasons the XLoader variant is extra dangerous:

  • The attacks carried out by XLoader can be highly targeted as anyone can buy this malware.
  • Cybercriminals can use this malware to abuse stolen accounts from emails and social media platforms to disperse the malware to contacts, ask for loans, etc. Fraudulent online transactions and purchases can also be conducted through online banking accounts, digital wallets, and e-commerce.
  • XLoader can also download or install additional malicious software, thus causing chain infections where harmful payloads such as Trojans, ransomware, and other malware can easily be delivered to affected systems.

To summarize, XLoader is extremely dangerous software that can cause multiple system infections. It can make victims suffer huge financial losses and struggle with privacy issues, and it can also lead to identity theft.

Ways To Protect Yourself Against XLoader

The best protection against XLoader is being wary of opening email attachments or downloading software from suspicious sources. Scanning each installation package with robust antivirus software before using it is also a helpful practice.

Note: Right-clicking any file should give you the option to scan it.

Here are a few ways by which you can protect yourself against any type of malware.

Install Antivirus Software

One of the most effective ways to protect against malware is to use strong antivirus protection as it can protect your device from malicious software.

An antivirus program not only scans your computer to detect and clean the malware but also provides automatic updates for enhanced protection against newly created infections.

Install Windows/macOS Updates

In addition to installing antivirus software, it’s imperative to ensure that your software is regularly updated. This stops the attackers from gaining access to your computer through vulnerabilities in older and outdated systems.

Phishing is the most prevalent way for hackers to install malware on your device. Most phishing scams lure people into opening emails or clicking on a link that may appear to come from a legitimate or reputable source. The link generally transports the users to a fake website where they are prompted to enter their personal details and login credentials.

Or they might be directed to a website that can infect their device with malware.

As a rule of thumb, always be cautious about opening any links.


Do Not Download Apps and Programs From Online Pop-Ups

Never download any apps or programs generated by pop-ups. Clicking on links within pop-up screens should be avoided at any cost. The good news is that most web browsers are equipped to stop pop-up ads and have settings that allow you to set the security for pop-ups.

To err on the side of caution, it is best to have pop-ups disabled in your browser settings.

Disable Macros in Office Documents

Microsoft Office products like Word and Excel often use macros to automate repetitive tasks like formatting spreadsheets. However, it is best to keep macros disabled, as cybercriminals can use them to run malicious scripts. Most macro-based malware attacks are carried out via phishing emails, and victims are fooled into opening a Word file that contains a macro.

Any time the recipients allow the macro to run, malicious code is then downloaded onto their device.
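A check a mail gateway or help desk could run before such a file is ever opened, given here as an added example that is not part of the original article: it inspects the file's contents rather than its extension, so a macro-enabled document renamed to .docx is still flagged. The function names and verdict strings are assumptions, and the sample documents are constructed in memory.

```python
import io
import zipfile

# Magic bytes of the legacy OLE container used by .doc/.xls files.
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")


def macro_verdict(data: bytes) -> str:
    """Classify an attachment by whether it can carry Office macros."""
    if data.startswith(OLE_MAGIC):
        # Macros cannot be ruled out here without parsing the OLE streams.
        return "legacy-ole"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            by_lower = {name.lower(): name for name in zf.namelist()}
            ct_name = by_lower.get("[content_types].xml")
            if ct_name is None:
                return "not-office"  # a ZIP, but not an OOXML package
            content_types = zf.read(ct_name).decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return "not-office"
    # VBA code lives in a vbaProject.bin part; macro-enabled packages also
    # declare a "macroEnabled" or "vbaProject" content type.
    has_vba_part = any(n.endswith("vbaproject.bin") for n in by_lower)
    declares = "macroEnabled" in content_types or "vbaProject" in content_types
    return "macro-present" if has_vba_part or declares else "no-macro"


def build_sample(with_macro: bool) -> bytes:
    """Constructed OOXML-shaped archive for the demo, not a real document."""
    kind = ("vnd.ms-word.document.macroEnabled.main+xml" if with_macro else
            "vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    f'<Types><Override ContentType="application/{kind}"/></Types>')
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in [("plain", build_sample(False)),
                        ("macro", build_sample(True)),
                        ("legacy", OLE_MAGIC + b"\x00" * 8)]:
        print(label, "->", macro_verdict(blob))
```

A "macro-present" or "legacy-ole" verdict is a reason to quarantine the attachment or open it only with macros disabled.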

Along with disabling macros, it is also a good practice to patch commonly used third-party software such as Java, Flash, and Adobe, as this can greatly reduce the number of attacks that succeed in the first place.

Employ Multi-Factor Authentication

MFA is an authentication method that grants access to a user once they have successfully presented two or more pieces of evidence. By asking the users to provide an extra set of credentials, it provides an added layer of security.

A great example would be if you were trying to do online banking from your computer with MFA enabled. Once you enter your login credentials on the bank website from your computer, a one-time password (OTP) code will be generated and sent to another pre-authenticated device like your smartphone.

You will then be required to input that code into the bank website to finally gain access.

It is strongly preferred that you use time-restricted OTPs from an MFA app such as Google Authenticator.

Phishing attacks can be carried out in many ways, but the most common strategy is a convincing email with a clickable and malicious URL. What happens after a user clicks on the email link can be many different things—from remote code execution and ransomware requests to malware infections.

The bottom line is that opening a suspicious email and clicking on links or attachments can create a perpetual mess of infections on your device. Always think twice before opening emails from unknown senders even if they sound legit.

Source: makeuseof.com
