OSX.XLoader

ThreatDown is now the name of the Malwarebytes line of business products. References to Malwarebytes below reflect the amazing technology used to first identify the threat.

Short bio

OSX.XLoader is Malwarebytes’ detection name for a credential harvesting malware aimed at systems running macOS.

Type of infection

The malicious Mac application is dropped and executed by a JAR file which requires Java to be installed on the system. It is likely that the JAR file was sent by email in targeted attacks.

Malicious behavior

Users may see this warning when opening the JAR file.

and this screen once the JAR file is run.

Aftermath

The JAR file is a dropper that drops and executes the actual payload. The dropped malware gains persistence by creationg a launch agent .plist file.

Protection

Malwarebytes for Mac detects and removes OSX.XLoader.

Home remediation

Malwarebytes for Mac will detect and remove the components of this malware.

Download and install the latest version of Malwarebytes for Mac.

Click the “Scan Now” button to perform a system scan.

If threats are detected during the scan, a count of detected threats is displayed. More detailed threat information is displayed after the scan completes.

Click “Confirm” to move the detected threats to Quarantaine.

If a restart is required to complete remediation of threats detected during a scan, you will be notified. When a restart is required, please remember to save all work before clicking “Restart”.

Similiar detections

OSX.FrigidStealer OSX.Banshee OSX.Poseidon OSX.Pirrit OSX.AtomStealer OSX.Genieo OSX.MacStealer OSX.SmoothOperator OSX.MalProxy Ransom.OSX.EvilQuest View all OSX detections >

Products

Services

Platforms

Why ThreatDown

Detection Details

OSX.XLoader

Short bio

Type of infection

Malicious behavior

Aftermath

Protection

Home remediation

Similiar detections

Products & Services

Partners

Resources

Managed Services Terms & Conditions

Support

Get in Touch