Xagent, macOS malware that steals iPhone backups and passwords and takes screenshots

Computer security researchers have warned of a new threat to users of the macOS operating system that is able to steal passwords, take screenshots and even exfiltrate iPhone backups stored on the computer.

Malware researchers have attributed it to a cyber-espionage group called APT28, which is capable of stealing iPhone backups, passwords and screenshots from Macs. APT28 is also known as ‘Fancy Bear’, ‘Pawn Storm’, ‘Sofacy’ and ‘Sednit’.

The malware, known as Xagent, has been developed by APT28, a group of Russian hackers suspected of having interfered in the US presidential elections of 2016. The group is held responsible for a large number of attacks. In the past these hackers have developed similar malicious code for other operating systems, including Windows, iOS, Android and Linux.

This Windows malware has been adapted for iOS and Linux in the past. Now the Romanian antivirus company Bitdefender says it has discovered a version for macOS.

The macOS version of Xagent is also modular, which allows the attackers to issue specific commands depending on their objectives. The instructions are sent through URLs that mimic addresses used by Apple, so as to mislead the user should they monitor incoming and outgoing traffic.
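As an added example (not code from the article or from Bitdefender), a defender-side check in Python: given constructed proxy-log lines, it flags hostnames that carry Apple branding but whose registrable domain is not Apple-operated, the kind of lookalike the article says Xagent uses for its command channel. The log format, the short allowlist of Apple domains and the sample hostnames are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: a small illustrative allowlist of Apple-operated registrable
# domains; a real deployment would maintain a fuller, curated list.
APPLE_DOMAINS = {"apple.com", "icloud.com", "apple-dns.net", "mzstatic.com", "itunes.com"}
BRAND_TOKENS = ("apple", "icloud", "itunes", "mzstatic")


def registrable_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels). Adequate for .com/.net/.org style
    TLDs; a production tool should use the Public Suffix List instead."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_apple_lookalike(url: str) -> bool:
    """True when the host *looks* like Apple (brand token anywhere in the
    hostname, including subdomains such as apple.com.<other>) but its
    registrable domain is not one Apple controls."""
    host = (urlsplit(url).hostname or "").lower()
    if registrable_domain(host) in APPLE_DOMAINS:
        return False  # genuine Apple infrastructure
    # Deliberately broad substring match: review the hits, do not block blindly.
    return any(token in host for token in BRAND_TOKENS)


def flag_lookalikes(log_lines):
    """Return (source_host, hostname) for every log line whose URL is an
    Apple lookalike. Lines are whitespace separated: timestamp, source, URL."""
    flagged = []
    for line in log_lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed or truncated line, skip
        src, url = parts[1], parts[2]
        if is_apple_lookalike(url):
            flagged.append((src, urlsplit(url).hostname))
    return flagged


# Constructed sample proxy log: timestamp, source host, requested URL.
SAMPLE_LOG = [
    "2017-02-14T10:01:02Z mac-017 https://www.apple.com/macos/",
    "2017-02-14T10:01:05Z mac-017 https://gateway.icloud.com/",
    "2017-02-14T10:02:11Z mac-042 https://apple-icloud-sync.example/api/v1",
    "2017-02-14T10:02:40Z mac-042 https://apple.com.cdn-update.example.net/",
    "2017-02-14T10:03:09Z mac-017 https://github.com/bitdefender",
]

if __name__ == "__main__":
    for src, host in flag_lookalikes(SAMPLE_LOG):
        print(f"{src}: Apple-lookalike host {host}")
```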

Last year it became clear that APT28 was targeting Mac computers, but at that time with a different piece of malware. Researchers have now discovered a version of Xagent whose domains resemble Apple's.

Once the malware enters a Mac and becomes active, it can take screenshots of the desktop and steal iPhone backups and browser-stored passwords. Bitdefender will soon release more details about the malware.
