A disturbing element in modern cybercrime is how easy it is to obtain powerful and invasive tools – the kind that can wreak havoc on an unsuspecting computer.
Today, the malware economy is similar to a subscription model, allowing developers to license their scary products to all paying dark web customers. In most cases, these customers do not even need to have a lot of expertise, as most of the tools’ functions are automated.
A perfect example comes from researchers at the security company Check Point, who recently discovered just such a product circulating on the Internet: a cheap, accessible program called “XLoader”, which can be used to hack and steal information from both Windows and macOS devices.
In a report published Wednesday, Check Point shows how XLoader sells for as low as $49 on a popular dark web forum. There, criminals can “license” it from a developer to carry out attacks. Buyers only have access to the malware for a limited time and must attack from a server controlled by the seller: for example, it costs $99 for a three-month XLoader subscription customized to infiltrate macOS devices. The Windows version, meanwhile, is more expensive – it comes in at $129 for a three-month subscription.
The malware, which is an outgrowth of an earlier, popular malware called “Formbook”, has been distributed in countries around the world, with a majority of victims living in the United States, researchers say.
As you can see from an older image of Formbook’s fee structure, it’s not much more than signing up for a monthly subscription to Amazon Prime to access such sneaky hacking weapons:
Like its predecessor, XLoader has all sorts of invasive capabilities, allowing an intruder to log keystrokes, retrieve login information, collect desktop screenshots, and also download and distribute other types of malicious files on the target device. Other features include sniffing network traffic and clipboard monitoring. XLoader’s credential harvesting feature works for “nearly a hundred applications, including browsers, messengers, FTP, and email clients,” the researchers write.
Most often, malicious software is spread through typical phishing schemes that use fake emails. These emails are equipped with malware-loaded Microsoft Office documents which, if downloaded, will inject the program into your computer.
“I think it’s a common misconception among macOS users that Apple platforms are more secure than other more used platforms,” said Yaniv Balmas, head of cyber research for Check Point. “Although there may be a gap between malicious software for Windows and macOS, the gap is slowly closing over time. The truth is that macOS malware is getting bigger and more dangerous. Our recent findings are a perfect example and confirm this growing trend.”
While it’s not particularly fun to imagine what kind of people will use XLoader, Check Point provides a few basic recommendations for managing this mess: do not visit unprotected websites, monitor your device for strange behavior, and, as always, send suspicious email from unknown senders directly to the Trash. The company also recommends that you run an AutoPlay feature on your device to search for suspicious filenames in the LaunchAgents folder – a place where traces of a potential compromise could be visible.
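One way to carry out the LaunchAgents check described above, as an added example that is not from Check Point or the original article: a Python script that reads every property list in a LaunchAgents folder and reports the entries worth a closer look. The three heuristics, the function names and the sample file names are assumptions made for illustration; `~/Library/LaunchAgents` is the standard per-user location on macOS.

```python
import plistlib
import re
import tempfile
from pathlib import Path

def looks_random(component):
    # Heuristic (assumption): 8+ characters mixing lower case, upper case and digits.
    classes = (r"[a-z]", r"[A-Z]", r"\d")
    return len(component) >= 8 and all(re.search(c, component) for c in classes)

def audit_plist(path):
    """Return the reasons (possibly none) why one launch agent deserves a closer look."""
    try:
        with open(path, "rb") as fh:
            job = plistlib.load(fh)
    except Exception:  # malformed XML or binary property list
        return ["not a parseable property list"]
    if not isinstance(job, dict):
        return ["top-level object is not a dictionary"]
    reasons = []
    if any(looks_random(part) for part in path.stem.split(".")):
        reasons.append("random-looking file name")
    if job.get("Label") != path.stem:  # convention, not a launchd requirement
        reasons.append("Label does not match file name")
    args = job.get("ProgramArguments") or []
    program = str(job.get("Program") or (args[0] if args else ""))
    if any(part.startswith(".") for part in Path(program).parts):
        reasons.append("executable inside a hidden directory")
    return reasons

def audit_launch_agents(directory):
    """Map file name -> reasons for every flagged *.plist in a LaunchAgents folder."""
    results = {p.name: audit_plist(p) for p in sorted(Path(directory).glob("*.plist"))}
    return {name: reasons for name, reasons in results.items() if reasons}

def make_sample_dir():
    """Constructed sample folder: one ordinary agent and one that trips every heuristic."""
    root = Path(tempfile.mkdtemp())
    samples = {  # file stem -> (Label, executable); every value is made up
        "com.example.updater": ("com.example.updater", "/Applications/Example.app/Contents/MacOS/updater"),
        "com.qTz81LmPa4.Xr7KdW2n": ("agent", "/Users/user/.hiddenapp/run"),
    }
    for stem, (label, program) in samples.items():
        with open(root / f"{stem}.plist", "wb") as fh:
            plistlib.dump({"Label": label, "ProgramArguments": [program]}, fh)
    return root

if __name__ == "__main__":
    for name, reasons in audit_launch_agents(Path.home() / "Library/LaunchAgents").items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flagged entry is a prompt for manual review, not a verdict: legitimate software can trip any one of these heuristics.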