Researchers at Check Point Research (CPR) said the Windows-based malware variant known as Formbook has been upgraded to infiltrate Mac PCs.
The new malware, called XLoader, features the same code base as Formbook.
The monitoring software has remote access capabilities and can perform keystroke logging, take screenshots, and steal account credentials.
Its command-and-control (C2) setup uses nearly 90,000 domains in network communication, with just 1,300 real C2 beacons.
The researchers said, "The other 88,000 domains belong to legitimate sites [and] the malware sends malicious traffic to them as well. This presents security vendors with the dilemma of how to determine which are the real C&C servers and not false-positively identify legitimate sites as malicious."
Access to XLoader has been requested by potential threat actors in 69 countries, and the U.S. accounts for more than half of victims so far.
View Full Article
Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA
No entries found