Stay Vigilant: New Mac malware disguised as 'OfficeNote' puts users at risk. (Pexels)

Alert: Malicious ‘OfficeNote’ Software Lurking on Dark Web Targeting Apple Macs

Adriana MaraisAugust 23, 23 Apple, macOS

A new threat has surfaced for Mac users, and it is an updated variant of the well-known XLoader malware. This time, it is cleverly disguised as a productivity application named “OfficeNote.” To ensure the security of your Mac, here is the essential information you should be aware of.

XLoader: A brief background

XLoader has been causing problems since 2015, but it usually targets Windows computers. In 2021, a macOS version appeared, but it was distributed as a Java program that was not very effective against Macs. Now there is a new version of XLoader written in C and Objective C according to Tom’s Guide report. Plus, it’s signed with an Apple developer signature, which makes it look authentic.

How malware spreads

Hackers have become quite clever. Instead of sending phishing emails with malware attachments, they disguise XLoader as a fake productivity app called “OfficeNote.” This deceptive tactic can trick unsuspecting Mac users into downloading it.

Tricky tricks

This malicious version of XLoader is hidden in the OfficeNote installation file. Although it was signed by a developer in July, it has since been withdrawn by Apple. Strangely, Apple’s built-in XProtect malware scanner is unable to detect this threat.

Expensive and dangerous

XLoader is sold as “Malware-as-a-Service” on the Dark Web. Hackers pay their authors to use it in their attacks. The macOS version is more expensive than the Windows counterpart: $199 per month or $299 for three months, compared to $59 per month or $129 for three months, Tom’s Guide reveals.

When a Mac user tries to install OfficeNote, they get an error message that makes them think something is wrong with the program. But here’s the tricky part: XLoader installs itself secretly.

What XLoader does

Once XLoader is on your Mac, it goes for the kill. It tries to steal passwords and other sensitive information from your clipboard. It also targets Google Chrome and Mozilla Firefox for cookies and other browser data. Strangely, it leaves Safari alone.

Stay safe

Be careful when downloading apps from untrusted sources to stay safe. Stick to the Mac App Store and verified developers. Keep your Mac’s software up-to-date, as Apple often releases security patches. Finally, use a reliable antivirus software that can detect and remove threats, such as XLoader.