Windows malware XLoader now “migrated” to Macs. It was updated with macOS attack vectors and payload. This spyware can access private information, log keystrokes, take screenshots.

Payload is often distributed embedded into Microsoft Office documents.

In order to check presence of XLoader malware you can check LaunchAgents directory on your Mac – /Users/<username>/Library/LaunchAgents.

Check contents of said directory for files with random names such as com.wznlVRt83Jsd.HPyT0b4Hwxh.plist.
If such files present, contact IT team for malware removal.

Reference: XLoader malware infects Macs now; collects keystrokes, screenshots, and more, Virulent Windows ‘XLoader’ malware is now on macOS, Common Windows Malware Can Now Infect Macs



Beware of malware existence, do not open any untrusted apps or files.

QA engineer:

Business as usual.


Communicate malware existence, ensure the team follows security protocols.

Leave a comment