New macOS malware steals passwords and iPhone backups


Cyber security firm Bitdefender says it has recently uncovered a new type of malware which targets macOS users. The company says that the malware, which it has dubbed Xagent, is capable of stealing passwords, taking screenshots and grabbing iPhone backups stored on the machine.

Bitdefender says it still can’t be absolutely certain of who is behind the malware, but all evidence points in the direction of the APT28 cybercrime group. The company says this group uses the same dropper / downloader, as well as the same control center URLs. On top of that, Bitdefender says same artifacts have been hardcoded in the binary files.

"Our past analysis of samples known to be linked to APT28 group shows a number of similarities between the Sofacy/APT28/Sednit Xagent component for Windows/Linux and the Mac OS binary that currently forms the object of our investigation," Bitdefender says in a blog post.

"For once, there is the presence of similar modules, such as FileSystem, KeyLogger and RemoteShell, as well as a similar network module called HttpChanel."

The malware contains modules that can scan the infected system for hardware and software configurations, find a list of running processes, as well as run additional files. It can grab desktop screenshots and pull out passwords stored in the browser. Bitdefender's previous research into APT28 is available here.

Published under license from, a Future plc Publication. All rights reserved.

Photo Credit:

4 Responses to New macOS malware steals passwords and iPhone backups

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.