FormBook Data Stealer Updated as XLoader, Now Targets Macs Too

FormBook is a data stealer that used to target Windows machines and log keystrokes with the purpose of stealing sensitive information. Security researchers have spotted a brand-new variant of FormBook, now rebranded as XLoader, that is being sold on the dark web for a worryingly low price and with an expanded set of capabilities.

FormBook has been around for about five years now, first showing up on the radar of the infosec community in 2016. Its newest reincarnation, dubbed XLoader, has been picked apart and analyzed by security experts with Check Point Research. The flagship feature of the newest versions of XLoader, which changed to its new name in 2020, is that it can now also target victims running Mac computers.

The distribution method for the malware is mostly malicious email spam with attached infected MS Office files.

The new XLoader malicious tool is distributed using dark web and hacking forums, where it sells for the very modest price of just $49, a price point that might entice a great number of budding hackers. In its report on the Check Point examination of the malware, Threatpost noted that XLoader is not only accessible, it is also incredibly simple to use, which, combined with the low price, will open the doors to even more potential bad actors.

In their examination of XLoader, Check Point found XLoader requests from nearly 70 different countries, while most of the targets were in the US.

FormBook had humble beginnings, starting as a relatively simple keylogger. However, the tool grew in popularity very quickly and had become a fixture in the top 5 of the most prevalent malware families by mid-2020.

Obviously, the biggest new feature in the latest versions of XLoader is its new ability to work on Macs. According to figures released by Apple, there were around 100 million users running a Mac computer even back in 2018. This figure has no doubt grown in the last few years, giving XLoader a huge and fertile ground to spread.

Of course, given that it is primarily distributed using malspam campaigns, your best bet for staying safe from XLoader is simply keeping a dedicated anti-malware suite installed and always updated, and never opening any attachments from emails of uncertain origin.

July 21, 2021