XLoader

Summary
A Malware-as-a-Service info stealer
Class
InfoStealer
Class Summary
Infostealers are generally simple malicious programs focused specifically on the theft of information. Although some can also spy on users, that is not usually their primary goal. They typically execute and immediately look on disk, at hardcoded locations, for valuable files, which range from browser data and cryptocurrency wallets to keychains and more.
Description

XLoader, a Malware-as-a-Service info stealer and keylogger, evolved from its predecessor FormBook and targets both Windows and macOS systems. On macOS it has been seen disguised as a legitimate-looking app such as OfficeNote, or distributed through phishing emails carrying .jar files that require a Java Runtime Environment to run. Once launched, it drops its payload to disk and continues to run malicious components without further user interaction. It attempts to steal credentials from browsers, notably Chrome and Firefox, and employs evasion techniques, including anti-debugging measures, to hinder analysis.

Example Hashes
  • 26fd638334c9c1bd111c528745c10d00aa77249d
  • 47cacf7497c92aab6cded8e59d2104215d8fab86
  • 958147ab54ee433ac57809b0e8fd94f811d523ba
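The hashes above are SHA-1 digests, so they can be swept for directly. The script below is an added example, not code from the page or from any XLoader analysis: it walks a directory, streams each file through SHA-1, reports matches against the listed hashes, and separately flags `.jar` files and `.app` bundles for manual review because those are the delivery forms described above. The `run_demo` function builds a constructed temporary tree (a harmless stand-in file whose own hash is appended to the IOC set, a fake `Invoice.jar`, an empty `OfficeNote.app` folder) purely so the code exercises each path offline; none of that content is real malware.

```python
import hashlib
import os
import sys
import tempfile
from pathlib import Path

# SHA-1 hashes listed on this page for XLoader samples.
XLOADER_SHA1 = frozenset({
    "26fd638334c9c1bd111c528745c10d00aa77249d",
    "47cacf7497c92aab6cded8e59d2104215d8fab86",
    "958147ab54ee433ac57809b0e8fd94f811d523ba",
})


def sha1_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-1 so large binaries need not fit in memory."""
    h = hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(root, iocs=XLOADER_SHA1):
    """Walk `root` and return a dict with:
       matches: [(path, sha1)] for files whose digest is in `iocs`
       review:  paths of .jar files and .app bundles (delivery forms noted above)
       errors:  files that could not be read (permissions, vanished, etc.)
    """
    iocs = {h.lower() for h in iocs}
    result = {"matches": [], "review": [], "errors": []}
    for dirpath, dirnames, filenames in os.walk(root):
        # .app bundles are directories on macOS: flag them, but keep walking into them
        for d in dirnames:
            if d.lower().endswith(".app"):
                result["review"].append(os.path.join(dirpath, d))
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(".jar"):
                result["review"].append(path)
            try:
                digest = sha1_of_file(path)
            except OSError:
                result["errors"].append(path)
                continue
            if digest in iocs:
                result["matches"].append((path, digest))
    return result


def run_demo():
    """Build a constructed directory tree (not real malware) and sweep it.

    Returns (matched_basenames, review_basenames). The stand-in 'sample.bin'
    content is made up here; its hash is added to the IOC set only so the
    match path is exercised without any real sample on disk.
    """
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_bytes(b"harmless constructed content\n")
        fake_sample = root / "Downloads" / "sample.bin"
        fake_sample.parent.mkdir()
        fake_sample.write_bytes(b"constructed stand-in for an XLoader dropper\n")
        (root / "Downloads" / "Invoice.jar").write_bytes(b"PK\x03\x04 constructed lure")
        (root / "Applications" / "OfficeNote.app" / "Contents").mkdir(parents=True)
        iocs = XLOADER_SHA1 | {sha1_of_file(fake_sample)}
        res = sweep(root, iocs)
        matched = sorted(os.path.basename(p) for p, _ in res["matches"])
        review = sorted(os.path.basename(p) for p in res["review"])
        return matched, review


if __name__ == "__main__":
    # Usage: python sweep.py /path/to/scan   (no argument runs the constructed demo)
    if len(sys.argv) > 1:
        res = sweep(sys.argv[1])
        for path, digest in res["matches"]:
            print(f"MATCH  {digest}  {path}")
        for path in res["review"]:
            print(f"REVIEW {path}")
        print(f"{len(res['errors'])} unreadable file(s)")
    else:
        print(run_demo())
```

Hash matching only catches the exact samples listed, so treat a clean sweep as "these three files are absent", not as proof the host is uninfected; the review list exists because a renamed or rebuilt dropper will not hash-match but will still arrive as a `.jar` lure or an app bundle.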