XLoader spyware evolved from Formbook to infect macOS

By Ewdison Then/July 21, 2021 9:37 pm EST

Although Macs have traditionally been seen as offering better security against malware compared to Windows PCs, it isn't completely immune. The recent reports of new malware targeting macOS, especially the crippling ransomware kind, show that Apple's desktop platform is gaining popularity as a target by malware writers and hackers. In fact, a report on a new kind of malware shows just how interesting macOS is becoming to these malicious actors that have revived an almost forgotten Windows spyware in order to add support for targeting Macs.

Formbook launched in 2016 and abruptly disappeared in 2017 as Windows-only spyware that collected screenshots, logged keystrokes, and even executes files from remote servers. The author claimed it was meant to just be a simple spyware, but buyers of that malware started using it for email campaigns. Formbook's author distanced himself from such activities and removed the malware from sale.

Nearly four years later, Formbook resurfaces as XLoader with pretty much the same features but with one important difference. In addition to selling time-limited copies for Windows, the new author, which may or may not be related to the original Formbook author, is also selling licenses of the malware for macOS for only $49. At that price, XLoader threatens to infect any macOS and potentially expose users' credentials to hackers.

On the one hand, XLoader's point of infection is pretty basic despite the malware's advanced features. It uses tried and tested email phishing scams to get targets to click on links or download attachments. Unfortunately, once a Mac is infected, XLoader is able to evade many antivirus programs and Apple's own security checks.

On the other hand, Check Point Research's discovery of this resurrected spyware also proves how macOS is increasingly becoming the target of such malicious activities. The more Mac owners there are, the bigger the target audience, the higher the chances of attacks paying off. It also challenges long-held assumptions that Macs are inherently more secure than PCs, which may have been just a side-effect of having fewer users in the past.