osx.xloader

Xloader

aka: Formbook

Xloader is a rebranding of the Formbook malware (mainly a stealer) and is available for macOS as well.

Formbook uses the "magic" value FBNG (FormBook-NG), while Xloader uses the "magic" value XLNG (XLoader-NG). The XLNG "magic" value is platform-independent.

Not to be confused with apk.xloader or ios.xloader.

References
2021-09-30 | Blackberry | The BlackBerry Research & Intelligence Team
Threat Thursday: xLoader Infostealer
https://blogs.blackberry.com/en/2021/09/threat-thursday-xloader-infostealer
Xloader Formbook

2021-07-27 | Check Point | Alexey Bukhteyev, Raman Ladutska
Time-proven tricks in a new environment: the macOS evolution of Formbook
https://research.checkpoint.com/2021/time-proven-tricks-in-a-new-environment-the-macos-evolution-of-formbook/
Xloader

2021-07-26 | SentinelOne | Phil Stokes
Detecting XLoader | A macOS ‘Malware-as-a-Service’ Info Stealer and Keylogger
https://www.sentinelone.com/blog/detecting-xloader-a-macos-malware-as-a-service-info-stealer-and-keylogger/
Xloader

2021-07-26 | Malwarebytes | Thomas Reed
OSX.XLoader hides little except its main purpose: What we learned in the installation process
https://blog.malwarebytes.com/mac/2021/07/osx-xloader-hides-little-except-its-main-purpose-what-we-learned-in-the-installation-process/
Xloader

2021-07-21 | Check Point | Check Point Research
Top prevalent malware with a thousand campaigns migrates to macOS
https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/
Xloader

2020-10-23 | @krabsonsecurity
Tweet: An interesting tidbit: it has a Mach-O bin
https://twitter.com/krabsonsecurity/status/1319463908952969216
Xloader

There is no YARA signature yet.