It used to be that Mac computers were immune to the vast majority of viruses and malware plaguing Windows and other platforms. But as Apple’s products have grown in popularity, hackers and malware developers have increasingly targeted macOS.

Following recent reports of Mac malware that uses a very old Windows trick relying on Microsoft Word macros, security firm Bitdefender said a new strain of malware from Russian hackers has been found that steals saved passwords and iPhone backups.

It’s basically a sophisticated version of the Xagent malware that has been used in the past to attack Windows, iOS, Android and Linux devices. It was probably developed by APT28, the Russian hacking group accused of hacking into the US Democratic National Committee last year.

This new strain of Xagent was found to specifically target Mac users.

Once it finds its way onto a victim’s machine, the malware uses the Komplex downloader to retrieve a payload from the server that installs modular backdoor software. The backdoor gives the attacker advanced cyber-espionage capabilities, including the ability to steal passwords, retrieve iPhone backups created locally in desktop iTunes, take screenshots, detect system configurations and even execute files.

Notably, the Xagent download exploits a vulnerability in MacKeeper, heavily promoted Mac optimization software that has been the subject of a class-action lawsuit for false advertising.

“For once, there is the presence of similar modules, such as FileSystem, KeyLogger, and RemoteShell, as well as a similar network module called HttpChanel,” noted researchers.

Bitdefender has not yet determined how the new malware spreads as they’re still analyzing Xagent, but we’ll make sure to update the article with further information once it becomes available. For the time being, be sure to adjust your Gatekeeper settings so that your Mac cannot download and execute apps from unidentified developers.

Source: Bitdefender

  • NolesFan

    Thanks for the info, keep us posted.

  • Vander Tramp

    Okay… how do we stop/block it?

    • Zohar

      Don’t enable Word macros randomly.

      • Francis

        How would it even ask to enable? If you are in Word, or just out of the blue?

      • Zohar

        If you open a Word document with macros, you’ll be presented with a dialog asking if you want to enable said macros. Just don’t and you’ll be alright (except if you’re absolutely sure of the provenance of the document of course).

  • rockdude094

    I was wondering how long it would take to hack keychain. Thanks for the update!

  • Keith Mcvid

    I’m selling the exploit, works very very good, email me on vee.dwi69@gmail.com

  • Michael

    FFS Microsoft should disable macros by default and make it available as an optional download for those who need this function. Would make Macs and Windows PCs more safe.

  • Michael

    I find it curious that you are the only one mentioning Microsoft Word with macros; on the source and other news sites there is no word about it.

  • MrE23

    So basically if you’re not dumb enough to run MacKeeper spamware you should be fine?