Security News > 2023 > August > Bogus OfficeNote app delivers XLoader macOS malware
A new macOS-specific variant of the well known XLoader malware is being delivered disguised as the "OfficeNote" app.
XLoader is a malware-as-a-service infostealer and botnet that has been active since 2015, but first appeared as a macOS variant in 2021, written in Java.
"The Java Runtime Environment hasn't shipped by default on macOS since the days of Snow Leopard, meaning the malware was limited in its targeting to environments where Java had been optionally installed," SentinelOne researchers explained.
So the malware developers rewrote XLoader for Mac to function without dependencies.
"Written natively in the C and Objective C programming languages and signed with an Apple developer signature, XLoader is now masquerading as an office productivity app called 'OfficeNote'," they discovered.
"XLoader continues to present a threat to macOS users and businesses. This latest iteration masquerading as an office productivity application shows that the targets of interest are clearly users in a working environment," the researchers concluded.
News URL
https://www.helpnetsecurity.com/2023/08/23/xloader-macos-officenote/
Related news
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- XCSSET macOS malware returns with first new version since 2022 (source)
- Microsoft spots XCSSET macOS malware variant used for crypto theft (source)
- Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (source)
- The XCSSET info-stealing malware is back, targeting macOS users and devs (source)
- New FrigidStealer Malware Targets macOS Users via Fake Browser Updates (source)