{"id":53340,"date":"2023-08-22T19:10:00","date_gmt":"2023-08-22T19:10:00","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/newer-better-xloader-signals-dangerous-shift-macos-malware"},"modified":"2023-08-22T19:10:00","modified_gmt":"2023-08-22T19:10:00","slug":"newer-better-xloader-signals-a-dangerous-shift-in-macos-malware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/","title":{"rendered":"Newer, Better XLoader Signals a Dangerous Shift in macOS Malware"},"content":{"rendered":"<p><span>A new Mac-oriented variant of the XLoader infostealer spread widely in the wild last month, signaling a shift in hackers&#8217; ability to effectively target macOS environments.<\/span><\/p>\n<p><span>From mid- to late July, the file &#8220;OfficeNote.dmg&#8221; was uploaded to VirusTotal nine times, from countries as far and wide as the US, India, Spain, Singapore, and the Philippines. The innocuously named disk image file was actually an updated version of the XLoader infostealer, specially designed to steal credentials from Mac users.<\/span><\/p>\n<p><span>Hackers increasingly have been <\/span><a href=\"https:\/\/www.darkreading.com\/remote-workforce\/researchers-discover-first-ever-major-ransomware-targeting-macos\" target=\"_blank\" rel=\"noopener\"><span>converting Windows malware for use in macOS environments<\/span><\/a><span> as of late, but the newest XLoader is far more than just a janky derivative.<\/span><\/p>\n<p><span>&#8220;In the past,&#8221; says Phil Stokes, a threat researcher at SentinelOne, &#8220;it was very common to see cross-platform malware that was a port from a Windows malware, but it was not very effective. The developers didn&#8217;t really know how to develop for Mac, right? Well, I think that time is behind us now.&#8221;<\/span><\/p>\n<h2 class=\"regular-text\">The New XLoader for Macs<\/h2>\n<p><a href=\"https:\/\/www.darkreading.com\/endpoint\/cybercriminals-rewrite-malware-to-target-macos\" target=\"_blank\" rel=\"noopener\"><span>The first XLoader built for Mac environments<\/span><\/a><span> was discovered two years ago, almost to the day. It was a Java program, which proved to be its Achilles&#8217; heel. The Java Runtime Environment hasn&#8217;t been a default element of macOS since Snow Leopard, meaning that XLoader could only work on hosts that had downloaded Java for some reason or another.&nbsp;<\/span><\/p>\n<p><span>The new XLoader has no such flaw \u2014 it&#8217;s written natively in C and Objective C. It&#8217;s packaged in an application file with the legitimate-sounding name &#8220;Office Note,&#8221; the macOS Microsoft Word logo, and an Apple developer signature. Apple has since revoked the signature, but &#8220;it won&#8217;t make much difference,&#8221; Stokes says.<\/span><\/p>\n<p><span>&#8220;All it means is that the developers will have to pivot to another signature. Developers&#8217; signatures are bought and sold on the Dark Net, or they&#8217;re fakes. They can even ad hoc sign, which means it doesn&#8217;t actually have a developer signature, but it will still get past Apple&#8217;s gatekeeper detection.&#8221;<\/span><\/p>\n<p><span>When the file is executed, it will present the user with an error message, while simultaneously installing its payload and a persistence mechanism in the background of the machine.&nbsp;<\/span><\/p>\n<figure><img decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/BAHXm162W9vLFnGN2vgoxtciD-qqAFHMOHDSP9zz7li67-NtTj9pbg_FtWNrVCplAqP557rJ0T6zw6SD6zLqP3oCeTzf42cExZArCd4p3vgbaDfOlzZn348eW4gwU-Jc3LQP5Hl4UbCZLPrmwOOzDsw\" alt=\"Error message displayed on screen: \"><figcaption>Source: SentinelOne<\/figcaption><\/figure>\n<p><span><em><\/em><\/span><span>Once installed, XLoader will attempt to steal credentials saved in Firefox and Chrome, as well as the user&#8217;s clipboard.<\/span><\/p>\n<p>Notably, at the time of SentinelOne&#8217;s publication, Apple&#8217;s anti-malware tool XProtect did not have a signature for detecting and blocking OfficeNote.dmg.<\/p>\n<h2 class=\"regular-text\">The New Face of Mac Malware<\/h2>\n<p><span>Because MacBooks historically have been marketed to individuals rather than industry or big business, they&#8217;ve tended to be of less interest to cybercriminals. &#8220;Five years ago, there were not very many people who had Macs in the enterprise. Now developers love them, the C-suite loves them, and so they&#8217;re great targets. And threat actors will follow wherever the trend is.&#8221;<\/span><\/p>\n<p><span>Threat actors <\/span><a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/new-mac-malware-samples-underscore-growing-threat\" target=\"_blank\" rel=\"noopener\"><span>began experimenting with Mac malware<\/span><\/a><span> by unevenly rejiggering existing Windows malware. At best, they would write new malware in languages friendly to both operating systems, like Golang or Rust. &#8220;They&#8217;re such easy languages for people to learn, and such powerful languages. It&#8217;s now much easier to write very good software for different platforms that is going to work out of the box,&#8221; Stokes says.<\/span><\/p>\n<p><span>Now, he adds, entire cybercrime teams are dedicated to Mac development. The results are bearing fruit in the form of this new XLoader, but also programs like <\/span><a href=\"https:\/\/www.sentinelone.com\/blog\/atomic-stealer-threat-actor-spawns-second-variant-of-macos-malware-sold-on-telegram\/\" target=\"_blank\" rel=\"noopener\"><span>Atomic Stealer<\/span><\/a><span>, <\/span><a href=\"https:\/\/www.uptycs.com\/blog\/macstealer-command-and-control-c2-malware\" target=\"_blank\" rel=\"noopener\"><span>MacStealer<\/span><\/a><span>, and <\/span><a href=\"https:\/\/iamdeadlyz.medium.com\/pureland-a-fake-project-related-to-the-sandbox-malspam-13b9abe751d1\" target=\"_blank\" rel=\"noopener\"><span>PureLand<\/span><\/a><span>.<\/span><span><\/span><\/p>\n<h2 class=\"regular-text\">The Issue With Apple Security<\/h2>\n<p><span>But to Stokes, it isn&#8217;t merely that good malware now exists for MacBooks.<\/span><\/p>\n<p><span>&#8220;The problem is that Apple has this kind of attitude to malware, where they take it seriously, but they want it all to be invisible to the user,&#8221; he explains. The company&#8217;s dogmatic commitment to a seamless, low-effort user experience, which got them so far with consumers in the past, may not be what&#8217;s called for in the world of enterprise security.<\/span><\/p>\n<p><span>&#8220;If you&#8217;ve got a Windows machine, you&#8217;ve got a big Microsoft Defender settings page you can go and play with, and run your own scans,&#8221; he explains. &#8220;Apple&#8217;s approach is: We&#8217;re going to take care of this silently in the background. And that, for enterprises or businesses of any level, is no good. You cannot have infections going on in the background without your security team knowing about it.&#8221;<\/span><\/p>\n<p><span>Time will tell how Apple&#8217;s approach to security will stand up to scrutiny. For now, organizations running macOS will need to layer extra security on top of what they&#8217;ve got by default.<\/span><\/p>\n<p><span>&#8220;The key,&#8221; Stokes says, &#8220;is businesses should have some other kind of detection, other than just relying on Apple. Just go and make sure you&#8217;ve got something that&#8217;s giving you that extra visibility and protection.&#8221;<\/span><\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/newer-better-xloader-signals-dangerous-shift-macos-malware\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Malware aimed at macOS is no longer just a knockoff of a Windows bug, as a new infostealer proliferating on Mac laptops demonstrates.Read More <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/newer-better-xloader-signals-dangerous-shift-macos-malware\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-53340","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Newer, Better XLoader Signals a Dangerous Shift in macOS Malware 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Newer, Better XLoader Signals a Dangerous Shift in macOS Malware 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-22T19:10:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/lh6.googleusercontent.com\/BAHXm162W9vLFnGN2vgoxtciD-qqAFHMOHDSP9zz7li67-NtTj9pbg_FtWNrVCplAqP557rJ0T6zw6SD6zLqP3oCeTzf42cExZArCd4p3vgbaDfOlzZn348eW4gwU-Jc3LQP5Hl4UbCZLPrmwOOzDsw\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Newer, Better XLoader Signals a Dangerous Shift in macOS Malware\",\"datePublished\":\"2023-08-22T19:10:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\\\/\"},\"wordCount\":818,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/lh6.googleusercontent.com\\\/BAHXm162W9vLFnGN2vgoxtciD-qqAFHMOHDSP9zz7li67-NtTj9pbg_FtWNrVCplAqP557rJ0T6zw6SD6zLqP3oCeTzf42cExZArCd4p3vgbaDfOlzZn348eW4gwU-Jc3LQP5Hl4UbCZLPrmwOOzDsw\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\\\/\",\"name\":\"Newer, Better XLoader Signals a Dangerous Shift in macOS Malware 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/lh6.googleusercontent.com\\\/BAHXm162W9vLFnGN2vgoxtciD-qqAFHMOHDSP9zz7li67-NtTj9pbg_FtWNrVCplAqP557rJ0T6zw6SD6zLqP3oCeTzf42cExZArCd4p3vgbaDfOlzZn348eW4gwU-Jc3LQP5Hl4UbCZLPrmwOOzDsw\",\"datePublished\":\"2023-08-22T19:10:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\\\/#primaryimage\",\"url\":\"https:\\\/\\\/lh6.googleusercontent.com\\\/BAHXm162W9vLFnGN2vgoxtciD-qqAFHMOHDSP9zz7li67-NtTj9pbg_FtWNrVCplAqP557rJ0T6zw6SD6zLqP3oCeTzf42cExZArCd4p3vgbaDfOlzZn348eW4gwU-Jc3LQP5Hl4UbCZLPrmwOOzDsw\",\"contentUrl\":\"https:\\\/\\\/lh6.googleusercontent.com\\\/BAHXm162W9vLFnGN2vgoxtciD-qqAFHMOHDSP9zz7li67-NtTj9pbg_FtWNrVCplAqP557rJ0T6zw6SD6zLqP3oCeTzf42cExZArCd4p3vgbaDfOlzZn348eW4gwU-Jc3LQP5Hl4UbCZLPrmwOOzDsw\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Newer, Better XLoader Signals a Dangerous Shift in macOS Malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Newer, Better XLoader Signals a Dangerous Shift in macOS Malware 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/","og_locale":"en_US","og_type":"article","og_title":"Newer, Better XLoader Signals a Dangerous Shift in macOS Malware 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-08-22T19:10:00+00:00","og_image":[{"url":"https:\/\/lh6.googleusercontent.com\/BAHXm162W9vLFnGN2vgoxtciD-qqAFHMOHDSP9zz7li67-NtTj9pbg_FtWNrVCplAqP557rJ0T6zw6SD6zLqP3oCeTzf42cExZArCd4p3vgbaDfOlzZn348eW4gwU-Jc3LQP5Hl4UbCZLPrmwOOzDsw","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Newer, Better XLoader Signals a Dangerous Shift in macOS Malware","datePublished":"2023-08-22T19:10:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/"},"wordCount":818,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/lh6.googleusercontent.com\/BAHXm162W9vLFnGN2vgoxtciD-qqAFHMOHDSP9zz7li67-NtTj9pbg_FtWNrVCplAqP557rJ0T6zw6SD6zLqP3oCeTzf42cExZArCd4p3vgbaDfOlzZn348eW4gwU-Jc3LQP5Hl4UbCZLPrmwOOzDsw","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/","url":"https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/","name":"Newer, Better XLoader Signals a Dangerous Shift in macOS Malware 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/lh6.googleusercontent.com\/BAHXm162W9vLFnGN2vgoxtciD-qqAFHMOHDSP9zz7li67-NtTj9pbg_FtWNrVCplAqP557rJ0T6zw6SD6zLqP3oCeTzf42cExZArCd4p3vgbaDfOlzZn348eW4gwU-Jc3LQP5Hl4UbCZLPrmwOOzDsw","datePublished":"2023-08-22T19:10:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/#primaryimage","url":"https:\/\/lh6.googleusercontent.com\/BAHXm162W9vLFnGN2vgoxtciD-qqAFHMOHDSP9zz7li67-NtTj9pbg_FtWNrVCplAqP557rJ0T6zw6SD6zLqP3oCeTzf42cExZArCd4p3vgbaDfOlzZn348eW4gwU-Jc3LQP5Hl4UbCZLPrmwOOzDsw","contentUrl":"https:\/\/lh6.googleusercontent.com\/BAHXm162W9vLFnGN2vgoxtciD-qqAFHMOHDSP9zz7li67-NtTj9pbg_FtWNrVCplAqP557rJ0T6zw6SD6zLqP3oCeTzf42cExZArCd4p3vgbaDfOlzZn348eW4gwU-Jc3LQP5Hl4UbCZLPrmwOOzDsw"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/newer-better-xloader-signals-a-dangerous-shift-in-macos-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Newer, Better XLoader Signals a Dangerous Shift in macOS Malware"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53340","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=53340"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53340\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=53340"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=53340"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=53340"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}