Windows and macOS systems found vulnerable to recently developed malware dubbed XLoader. The cross-platform botnet is capable of stealing login credentials in s...
XLoader, a recently developed malware strain previously known for stealing data from Windows systems, has now extended its reach to target macOS systems. XLoader is currently available on an underground platform as a botnet-loader service that can recover passwords from web browsers and email clients like Edge, Chrome, Opera, and Firefox.
The new malware is supposedly derived from the Formbook info-stealer for Windows and first appeared last February. Its popularity has grown immensely, and threat actors have started identifying it as an independent cross-platform botnet (for Windows and macOS). Security experts found the link between Formbook and XLoader when a community member reverse-engineered XLoader and found the same code as that implemented in the former. According to an advertisement on the platform, the operators behind Formbook helped to develop XLoader, and both malware families had the same functionality and payloads.
The Windows and macOS versions of the malware are on sale on the botnet platform for $59 and $49 a month, respectively. The developers of XLoader also supply a free Java binder, which allows users to create a distinctive JAR file on Windows and macOS systems.
Security researchers from Check Point received requests from about 69 countries after they tracked XLoader's activities for six months. The requests from several countries indicated a significant spread across the globe, with the most victims in the United States. According to AnyRun malware trends, Formbook was part of at least 1,000 malware attacks over the last three years.
Researchers at Check Point stated that XLoader is stealthy enough to trick a non-technical person. They urged all users to use macOS' Autorun to check for suspicious usernames or filenames. Yaniv Balmas, Head of Cyber Research at Check Point, stated that XLoader is far superior to and more advanced than its predecessor (Formbook). He also added that macOS malware is becoming more prominent and more ruthless.