osx.xloader

Xloader

aka: Formbook

Xloader is a rebranding of the Formbook malware (mainly a stealer), and it is also available for macOS.

Formbook has the "magic" value FBNG (FormBook-NG), while Xloader has the "magic" value XLNG (XLoader-NG). The XLNG "magic" value is platform-independent.

Not to be confused with apk.xloader or ios.xloader.

References
2023-08-21 | SentinelOne | Dinesh Devadoss, Phil Stokes
XLoader's Latest Trick | New macOS Variant Disguised as Signed OfficeNote App
Xloader
2022-05-31 | Check Point Research | Alexey Bukhteyev, Raman Ladutska
XLoader Botnet: Find Me If You Can
Xloader
2022-03-25 | GOV.UA | State Service of Special Communication and Information Protection of Ukraine (CIP)
Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22
Xloader, Agent Tesla, CaddyWiper, Cobalt Strike, DoubleZero, GraphSteel, GrimPlant, HeaderTip, HermeticWiper, IsaacWiper, MicroBackdoor, Pandora RAT
2022-03-07 | LAC WATCH | Cyber Emergency Center
I CAN'T HEAR YOU NOW! INTERNAL BEHAVIOR OF INFORMATION-STEALING MALWARE AND JSOC DETECTION TRENDS
Xloader, Agent Tesla, Formbook, Loki Password Stealer (PWS)
2022-01-21 | Zscaler | Brett Stone-Gross, Javier Vicente
Analysis of Xloader’s C2 Network Encryption
Xloader, Formbook
2022-01-06 | VMRay | VMRay Labs Team
Malware Analysis Spotlight: XLoader’s Cross-platform Support Utilizing XBinder
Xloader
2021-09-30 | Blackberry | The BlackBerry Research & Intelligence Team
Threat Thursday: xLoader Infostealer
Xloader, Formbook
2021-09-02 | MalwareBookReports | muzi
Cross-Platform Java Dropper: Snake and XLoader (Mac Version)
Xloader, 404 Keylogger
2021-07-27 | Check Point | Alexey Bukhteyev, Raman Ladutska
Time-proven tricks in a new environment: the macOS evolution of Formbook
Xloader
2021-07-26 | SentinelOne | Phil Stokes
Detecting XLoader | A macOS ‘Malware-as-a-Service’ Info Stealer and Keylogger
Xloader
2021-07-26 | Malwarebytes | Thomas Reed
OSX.XLoader hides little except its main purpose: What we learned in the installation process
Xloader
2021-07-21 | Check Point | Check Point Research
Top prevalent malware with a thousand campaigns migrates to macOS
Xloader
2020-10-23 | @krabsonsecurity
Tweet: An interesting tidbit: it has a Mach-O bin
Xloader

There is no Yara-Signature yet.