Scary ‘malware-as-a-service’ Mac attack uncovered

Another day, and it’s time for another Apple security scare: malware that can collect keystrokes and logins and is available on the Darknet for just $49.

Malware as a service for Mac attacks

Check Point Software Research Team claims to have identified the hack, which it calls XLoader. Business security specialists managing Mac and Apple devices (of which there are many) should be aware of the new attack, as they tell us that it can:

  • Harvest browser logins.
  • Collect screenshots.
  • Record keystrokes.
  • Download and run malicious files.

The hack is sold as a kind of “malware as a service” for about $49 on the Darknet, the researchers said. Hackers in 69 countries have requested it, and 53% of those who have fallen victim to it are based in the US.

The attack vector is simple: Victims are tricked into downloading the malware using maliciously crafted Word documents.

Showing some Formbook

XLoader is derived from an existing Windows malware called Formbook, which is the fourth most common malware family. Formbook has been used in extensive spam campaigns targeting larger global organizations. (Confusingly, there is also an Android malware called XLoader, which is not the same.)

“Historically, MacOS malware has not been that common,” Yaniv Balmas, head of cyber research at Check Point Software, said in a statement. “They generally fall under the category of ‘spyware’ and they don’t do too much damage. I think there is a common misconception among MacOS users that Apple platforms are more secure than other popular platforms. While there may be a gap between Windows and MacOS malware, the gap is slowly closing over time. The truth is, MacOS malware is getting bigger and more dangerous.”

This is true, of course. But at least one survey shows that despite the growing security threat, most companies view Macs as the most secure platform out of the box.

For hackers, the Mac opportunity knocks on the door

Apple has a growing business market share, which means its platforms are seen as a potentially rewarding target. To be fair, it is also constantly working to make its platforms a tough nut to crack.

“Our recent findings are a perfect example and confirm this growing trend,” said Balmas. “With the growing popularity of MacOS platforms, it makes sense for cybercriminals to show more interest in this domain, and I personally anticipate seeing more cyber threats after the Formbook malware family. I would think twice about opening email attachments I get from senders I don’t know.”

Apple’s chief software engineer, Craig Federighi, recently argued that Macs are not yet as secure as iOS devices: “iOS has set a dramatically higher bar for customer protection,” he said. “The Mac is not meeting that standard today.”

The Apple executive also confirmed that the scale of Mac malware is accelerating. More than 130 different malware items have affected up to 300,000 Macs, he said. Recent Atlas VPN research stated that 670,273 new malware samples were identified in 2020, compared to 56,556 in 2019.

Worry don’t worry

With approximately 200 million users running macOS in 2018 (as reported by Apple), the Mac is a promising market for malware. Apple recognizes this, of course, as does Apple’s broader ecosystem.

MDM vendors like Jamf are developing smart software solutions to protect the security of the Mac platform, although it is worth noting that human error is again the main way this malware infects target systems. Users must open infected Word documents for the malware to land on their Macs, so the user remains the weakest link in the security chain.

Users are the primary attack vector across all platforms, so every business should invest in security awareness and response training for all staff, and foster a culture where mistakes, once made, are disclosed and responded to quickly and non-punitively.

How to prevent XLoader

XLoader uses the classic attack vector of infection via untrustworthy Word documents, which means it can also be mitigated by the traditional security measures:

  • Don’t open suspicious attachments from people you don’t know.
  • Don’t visit websites you don’t trust.
  • Use third-party protection software.

How to detect XLoader

Researchers claim that one way a Mac user can search for this malware on their system is as follows:

  • Choose Go in the Finder menu bar.
  • Select Go to Folder.
  • Type /Users/your username/Library/LaunchAgents (the current user’s LaunchAgents folder) to open it.
  • If you see a suspicious file with a seemingly random name that is not clearly identifiable, drag it to the Trash and delete it.
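
The manual check above can be scripted. The following is an added example, not code from the article or from Check Point: it lists every plist in a LaunchAgents folder, flags names that do not read like a vendor-chosen reverse-DNS label (the “seemingly random name” the researchers describe), and shows what each entry launches so the reader can judge it. The sample folder, file names and program paths it writes are constructed for the demo and are not real indicators.

```python
import os
import plistlib
import re
import tempfile
# Chosen labels read as reverse DNS (com.vendor.product); random names do not.
REVERSE_DNS = re.compile(r"^[A-Za-z][A-Za-z0-9_-]*(\.[A-Za-z0-9_-]+){2,}$")
RANDOM_RUN = re.compile(r"(?=.*[A-Za-z])(?=.*\d)[A-Za-z0-9]{8,}")  # letter/digit blob

def looks_random(label: str) -> bool:
    """True when a name does not read like a deliberately chosen label."""
    if not REVERSE_DNS.match(label):
        return True
    return any(RANDOM_RUN.fullmatch(part) for part in label.split("."))

def describe_agent(path: str) -> dict:
    """Summarise one LaunchAgent plist; an unreadable plist is itself suspicious."""
    name = os.path.basename(path)
    try:
        with open(path, "rb") as fh:
            plist = plistlib.load(fh)
    except Exception as exc:  # malformed plist: report it rather than skip it
        return {"file": name, "label": None, "program": str(exc), "suspicious": True}
    stem = os.path.splitext(name)[0]
    label = str(plist.get("Label", stem))
    program = plist.get("Program") or " ".join(plist.get("ProgramArguments", []))
    return {"file": name, "label": label, "program": program,
            "suspicious": looks_random(stem) or looks_random(label)}

def scan_launch_agents(folder: str) -> list:
    """Report every .plist in the folder, suspicious entries first."""
    names = sorted(n for n in os.listdir(folder) if n.endswith(".plist"))
    reports = [describe_agent(os.path.join(folder, n)) for n in names]
    return sorted(reports, key=lambda r: not r["suspicious"])

def write_sample_folder() -> str:
    """Constructed demo folder (not real malware): one normal agent, one odd one."""
    folder = tempfile.mkdtemp(prefix="launchagents-")
    samples = {"com.example.updater.plist": {"Label": "com.example.updater",
                   "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]},
               "Q9xk3ZpL.plist": {"Label": "Q9xk3ZpL",
                   "ProgramArguments": ["/Users/Shared/Q9xk3ZpL/Q9xk3ZpL"]}}
    for name, content in samples.items():
        with open(os.path.join(folder, name), "wb") as fh:
            plistlib.dump(content, fh)
    return folder

if __name__ == "__main__":
    real = os.path.expanduser("~/Library/LaunchAgents")
    for r in scan_launch_agents(real if os.path.isdir(real) else write_sample_folder()):
        print("!!" if r["suspicious"] else "  ", r["file"], "->", r["program"])
```

A flagged entry is a prompt to inspect the program it launches, not proof of infection; some legitimate tools also use unusual labels.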

Researchers also recommend installing and using malware detection software, as this will often allow for better identification of suspicious files.

Copyright © 2021 IDG Communications, Inc.