image
There’s a new version of the old FormBook form-stealer and keylogger that’s added Mac users to its hit list, and it’s selling like hotcakes on the darknet for as low as $49. It’s not only cheap; it’s easy. The data stealer is distributed in the form of malware-as-a-service (MaaS) and stands out from competing malware by being drop-dead simple to use, outfitting even code dummies with a multipurpose malware tool. In a report posted on Wednesday, analysts at Check Point Research (CPR) said that the new strain of FormBook – which mainly targeted Windows users when it first popped up on hacking forums in 2016 – is named XLoader. According to the report, FormBook disappeared from malware markets in 2018, then rebranded to XLoader in 2020. Over the past six months, XLoader’s been a busy beaver, prolifically targeting Window users but also gnawing on its newfound love: namely, “to CPR’s surprise,” Mac users. XLoader licenses start at $49: a price that will get even the most inexperienced and poorly funded cyberattackers a tool that they can use to harvest log-in credentials, collect screenshots, log keystrokes and execute malicious files. CPR has tracked XLoader requests flooding in from eager attackers in 69 countries. Most of the targets – 53 percent – are in the U.S., including both Mac and Windows users. The breakdown of victims by country is presented in the bar graph below: Victims are tricked into downloading XLoader via spoofed emails that contain malicious Microsoft…

Source