Published: August 25, 2021 in our Security Fraud News & Alerts Newsletter.
The malware variant previously known as Formbook has been updated, and a study by Check Point Research finds its new name, “XLoader,” is far from the only change made to this previously Windows-based malware. According to its creator, Formbook was originally released as a simple info-stealing malware limited to attacks on Windows systems. However, no one expected the malware would resurface just last year with new infection capabilities. One of the most significant changes allows attacks against macOS. XLoader is now a malware that Mac users must contend with as well.
XLoader is an info-stealer with remote access capabilities. Keystroke logging, screenshots, and data exfiltration are a few attack options, and all have extensive command-and-control setups. The data exfiltration allows the theft of account credentials, which covers anything from passwords to banking and credit card details and more.
Check Point reveals that although Formbook is no longer available, it remains a significant threat in the wild. And now, XLoader is available for rent under a license agreement in underground forums for $59 to $129.
So far, requests for access to XLoader have come from potential threat actors in 69 countries, and more than half of its victims were detected in the U.S.
The malware starts its infection through email phishing using weaponized attachments, like malware-laden Microsoft Office documents. Employees lacking cybereducation are likely to open the email and the infected attachment. From there, an entire system can succumb to XLoader and its data-stealing properties.
Email phishing, the scourge of businesses worldwide, can be minimized through employee cybereducation. Teaching staff how to spot the red flags that most email phishing contains can be invaluable to system security. Below are tips that can help expose an email phish and stop it from going any further.
Email Phishing Cyber-Smarts
Think before you click. Phishing emails often have malware attachments and malicious links in the message, and acting on them can be the first step to installing malware on your device.
Be aware of bad spelling or grammar in an email. A legitimate email should not have any typos or bad grammar.
Be aware of any sense of urgency in the email. Hackers like to push us into acting quickly before there’s enough time to scrutinize the email request.
Use a healthy dose of common sense. If for any reason you feel an email isn’t quite right, don’t act on it. Always verify an email request with the sender, but don’t use any contact information provided in the email. It could lead directly to the hacker, so look up the legitimate contact information yourself.
Keep software updated, especially anti-virus software. Updates have fixes to security flaws that can leave a system open to attack.