This old malware returns to the Mac disguised as Microsoft’s most popular app

I’ll always recommend Macs over Windows PCs when it comes to security, but this does not mean that Apple’s computers are incorruptible machines. Good proof of this is the return of XLoader, considered by some an old friend.

XLoader is malware that appeared in 2021, built to run in Java environments, and it wreaked havoc on Windows, becoming the fourth most used malicious tool of the moment. Now XLoader has been rewritten in Objective-C, becoming a threat on macOS.

It looks like Word, but it is malware

The ‘OfficeNote’ application, as listed on the SentinelOne security website.

The tactic used by XLoader is quite classic. It disguises itself as an office application called ‘OfficeNote’, using an icon Microsoft Word had a few years ago. That alone is enough for us to identify it, but for less experienced users it can be a trap that goes unnoticed.

The worst part is that the application manages to pass itself off as an application validated by Apple, with the signature ‘Apple distribution: MAIT JAKHU (54YDV8NU9C)’. And macOS seems to accept this signature as valid, so it runs the app without too many obstacles.

According to VirusTotal statistics, this new version of XLoader has already been spreading inside a .DMG, just as any other signed app distributed outside the walls of the Mac App Store would be. In other words, it would be very simple for an untrained user to install it. Its creator intends to distribute it through business networks, which are often not sufficiently well protected.

What to do if you find traces of XLoader on your Mac

What does the malware do after installation? It goes into the settings files of Chrome and Firefox (Safari is spared) looking for personal data, and it also tries to capture everything we copy to the clipboard via the APIs macOS itself provides.

The good news is that applications that include security scanning are already able to detect XLoader, because it is not completely new code. But if you see an application called OfficeNote in your Applications folder, delete it immediately.

If you’re not too sure you’ve done it right, it’s not a bad idea to do a scan with apps like CleanmyMacX or Malwarebytes. As always, the weak link in a computer’s security is the gullibility of its user.


Image | Jake Charles
