Info Stealer

XLoader

First seen: 2020 • Status: active

Currently Active Threat

XLoader evolved from an older stealer to work on Macs and Windows, stealing passwords from browsers and email programs.

Overview

XLoader is the evolved version of the FormBook stealer, extended to run on macOS. It steals credentials from browsers, email clients, and FTP applications across multiple platforms.

Also Known As

FormBook successor, X-Loader

How It Spreads

  • Phishing emails
  • Office document macros
  • Fake applications
  • Torrent downloads

What It Does

  • Browser credential theft
  • Email client harvesting
  • FTP credential theft
  • Screenshot capture
  • Keylogging

Target Platforms

Windows, macOS

Detection Tips

  • Monitor for XLoader network signatures
  • Check for FormBook-like behavior
  • Analyze Office macro execution
  • Review cross-platform infections

MITRE ATT&CK Techniques

T1555, T1056, T1113, T1566, T1204

If You're Infected

  1. Remove XLoader from all platforms
  2. Reset all credentials
  3. Clear browser saved passwords
  4. Review email and FTP account access
