SYMBOLCOMMON_NAMEaka. SYNONYMS
osx.xloader (Back to overview)

Xloader

aka: Formbook

Xloader is a Rebranding of Formbook malware (mainly a stealer), available for macOS as well.

Formbook has a "magic"-value FBNG (FormBook-NG), while Xloader has a "magic"-value XLNG (XLoader-NG). This "magic"-value XLNG is platform-independent.

Not to be confused with apk.xloader or ios.xloader.

References
2022-05-31Check Point ResearchAlexey Bukhteyev, Raman Ladutska
@online{bukhteyev:20220531:xloader:f9d6f5f, author = {Alexey Bukhteyev and Raman Ladutska}, title = {{XLoader Botnet: Find Me If You Can}}, date = {2022-05-31}, organization = {Check Point Research}, url = {https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can/}, language = {English}, urldate = {2022-05-31} } XLoader Botnet: Find Me If You Can
Xloader
2022-03-25GOV.UAState Service of Special Communication and Information Protection of Ukraine (CIP)
@online{cip:20220325:who:e75f0ac, author = {State Service of Special Communication and Information Protection of Ukraine (CIP)}, title = {{Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22}}, date = {2022-03-25}, organization = {GOV.UA}, url = {https://cip.gov.ua/en/news/khto-stoyit-za-kiberatakami-na-ukrayinsku-kritichnu-informaciinu-infrastrukturu-statistika-15-22-bereznya}, language = {English}, urldate = {2022-08-05} } Who is behind the Cyberattacks on Ukraine's Critical Information Infrastructure: Statistics for March 15-22
Xloader Agent Tesla CaddyWiper Cobalt Strike DoubleZero GraphSteel GrimPlant HeaderTip HermeticWiper IsaacWiper MicroBackdoor Pandora RAT
2022-03-07LAC WATCHCyber ​​Emergency Center
@online{center:20220307:i:aadcf34, author = {Cyber ​​Emergency Center}, title = {{I CAN'T HEAR YOU NOW! INTERNAL BEHAVIOR OF INFORMATION-STEALING MALWARE AND JSOC DETECTION TRENDS}}, date = {2022-03-07}, organization = {LAC WATCH}, url = {https://www.lac.co.jp/lacwatch/report/20220307_002893.html}, language = {Japanese}, urldate = {2022-04-05} } I CAN'T HEAR YOU NOW! INTERNAL BEHAVIOR OF INFORMATION-STEALING MALWARE AND JSOC DETECTION TRENDS
Xloader Agent Tesla Formbook Loki Password Stealer (PWS)
2022-01-21ZscalerJavier Vicente, Brett Stone-Gross
@online{vicente:20220121:analysis:419182f, author = {Javier Vicente and Brett Stone-Gross}, title = {{Analysis of Xloader’s C2 Network Encryption}}, date = {2022-01-21}, organization = {Zscaler}, url = {https://www.zscaler.com/blogs/security-research/analysis-xloaders-c2-network-encryption}, language = {English}, urldate = {2022-01-25} } Analysis of Xloader’s C2 Network Encryption
Xloader Formbook
2022-01-06VMRayVMRay Labs Team
@online{team:20220106:malware:f4efbd5, author = {VMRay Labs Team}, title = {{Malware Analysis Spotlight: XLoader’ Cross-platform Support Utilizing XBinder}}, date = {2022-01-06}, organization = {VMRay}, url = {https://www.vmray.com/cyber-security-blog/malware-analysis-spotlight-xbinder-xloader/}, language = {English}, urldate = {2022-01-25} } Malware Analysis Spotlight: XLoader’ Cross-platform Support Utilizing XBinder
Xloader
2021-09-30BlackberryThe BlackBerry Research & Intelligence Team
@online{team:20210930:threat:d31cc55, author = {The BlackBerry Research & Intelligence Team}, title = {{Threat Thursday: xLoader Infostealer}}, date = {2021-09-30}, organization = {Blackberry}, url = {https://blogs.blackberry.com/en/2021/09/threat-thursday-xloader-infostealer}, language = {English}, urldate = {2021-10-11} } Threat Thursday: xLoader Infostealer
Xloader Formbook
2021-09-02MalwareBookReportsmuzi
@online{muzi:20210902:crossplatform:31ac1a5, author = {muzi}, title = {{Cross-Platform Java Dropper: Snake and XLoader (Mac Version)}}, date = {2021-09-02}, organization = {MalwareBookReports}, url = {https://malwarebookreports.com/cross-platform-java-dropper-snake-and-xloader-mac-version/}, language = {English}, urldate = {2022-03-25} } Cross-Platform Java Dropper: Snake and XLoader (Mac Version)
Xloader 404 Keylogger
2021-07-27Check PointAlexey Bukhteyev, Raman Ladutska
@online{bukhteyev:20210727:timeproven:d927632, author = {Alexey Bukhteyev and Raman Ladutska}, title = {{Time-proven tricks in a new environment: the macOS evolution of Formbook}}, date = {2021-07-27}, organization = {Check Point}, url = {https://research.checkpoint.com/2021/time-proven-tricks-in-a-new-environment-the-macos-evolution-of-formbook/}, language = {English}, urldate = {2021-07-29} } Time-proven tricks in a new environment: the macOS evolution of Formbook
Xloader
2021-07-26SentinelOnePhil Stokes
@online{stokes:20210726:detecting:5795d48, author = {Phil Stokes}, title = {{Detecting XLoader | A macOS ‘Malware-as-a-Service’ Info Stealer and Keylogger}}, date = {2021-07-26}, organization = {SentinelOne}, url = {https://www.sentinelone.com/blog/detecting-xloader-a-macos-malware-as-a-service-info-stealer-and-keylogger/}, language = {English}, urldate = {2021-07-26} } Detecting XLoader | A macOS ‘Malware-as-a-Service’ Info Stealer and Keylogger
Xloader
2021-07-26MalwarebytesThomas Reed
@online{reed:20210726:osxxloader:b3818a3, author = {Thomas Reed}, title = {{OSX.XLoader hides little except its main purpose: What we learned in the installation process}}, date = {2021-07-26}, organization = {Malwarebytes}, url = {https://blog.malwarebytes.com/mac/2021/07/osx-xloader-hides-little-except-its-main-purpose-what-we-learned-in-the-installation-process/}, language = {English}, urldate = {2021-08-02} } OSX.XLoader hides little except its main purpose: What we learned in the installation process
Xloader
2021-07-21Check PointCheck Point Research
@online{research:20210721:top:9329aad, author = {Check Point Research}, title = {{Top prevalent malware with a thousand campaigns migrates to macOS}}, date = {2021-07-21}, organization = {Check Point}, url = {https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/}, language = {English}, urldate = {2021-07-26} } Top prevalent malware with a thousand campaigns migrates to macOS
Xloader
2020-10-23@krabsonsecurity
@online{krabsonsecurity:20201023:interesting:215d0bc, author = {@krabsonsecurity}, title = {{Tweet: An interesting tidbit: it has a Mach-O bin}}, date = {2020-10-23}, url = {https://twitter.com/krabsonsecurity/status/1319463908952969216}, language = {English}, urldate = {2021-07-06} } Tweet: An interesting tidbit: it has a Mach-O bin
Xloader

There is no Yara-Signature yet.