Xagent – ​​Mac malware that steals iPhone passwords and backups

Xagent is a new piece of Mac malware discovered by Bitdefender; it is designed to steal passwords, take screenshots and exfiltrate iPhone backups. Once installed on a Mac, Xagent checks whether a debugger is attached; if none is found, it waits for an internet connection and then contacts the attackers' server, where it awaits commands.

To lend the malware some legitimacy in the eyes of its victims, the attackers registered server domains that resemble Apple's. The idea is that if users notice new connections from their Mac, they may assume data is being sent to Apple, when in fact it is going to the attackers' servers.
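As an added illustration (not from the article or from Bitdefender's research), the following Python script flags outbound connections to domains that imitate Apple without being Apple-owned, the trick described above; the log lines, lookalike domain names and the short allowlist are constructed for the example.

```python
# Added example: flag outbound connections to Apple-lookalike domains.
# Log lines, lookalike names and the allowlist below are constructed.
import re
from difflib import SequenceMatcher

# Assumption: a defender-maintained allowlist of Apple-owned registrable
# domains (real Apple infrastructure uses more than these).
APPLE_OWNED = {"apple.com", "icloud.com", "mzstatic.com", "apple-dns.net"}
BRAND_WORDS = ("apple", "icloud", "itunes")

# Constructed egress-log format: "<timestamp> <host> dst=<fqdn>:<port>"
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) dst=(?P<dst>[\w.-]+):(?P<port>\d+)$")

def registrable_domain(fqdn: str) -> str:
    """Naive eTLD+1 (last two labels); adequate for .com/.net style names."""
    labels = fqdn.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else fqdn.lower()

def looks_like_apple(domain: str) -> bool:
    """True when the registrable domain imitates an Apple brand but is not Apple's."""
    reg = registrable_domain(domain)
    if reg in APPLE_OWNED:
        return False
    for tok in reg.split(".")[0].split("-"):
        if any(w in tok for w in BRAND_WORDS):
            return True  # brand word embedded, e.g. "apple-checker"
        # catch typosquats such as "app1e" via string similarity to the brand
        if any(SequenceMatcher(None, tok, w).ratio() >= 0.8 for w in BRAND_WORDS):
            return True
    return False

def find_lookalike_connections(log_lines):
    """Return (timestamp, host, destination) for each lookalike-domain connection."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if m and looks_like_apple(m["dst"]):
            hits.append((m["ts"], m["host"], m["dst"]))
    return hits

# Constructed sample log; the lookalike destinations are invented.
SAMPLE_LOG = """\
2017-02-14T09:01:02Z mac-01 dst=gsp-ssl.ls.apple.com:443
2017-02-14T09:01:05Z mac-01 dst=updates.apple-checker.net:443
2017-02-14T09:02:10Z mac-02 dst=p45-keyvalueservice.icloud.com:443
2017-02-14T09:03:44Z mac-02 dst=app1e-services.com:443
2017-02-14T09:04:00Z mac-03 dst=example.org:80
"""

if __name__ == "__main__":
    for ts, host, dst in find_lookalike_connections(SAMPLE_LOG.splitlines()):
        print(f"{ts} {host} -> {dst}  (Apple lookalike, not Apple-owned)")
```

Any hit is a lead to investigate, not proof of compromise; extend the allowlist with the Apple domains your fleet legitimately contacts to keep false positives down.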

Once it receives commands from the attacker, Xagent can exfiltrate any iPhone backups stored on the Mac, take screenshots and steal passwords saved in the browsers in use. This last capability is probably the most dangerous, because it can hand over credentials for many online accounts.

Bitdefender's investigation of the Xagent malware is ongoing, so further functionality is likely to be discovered. For that reason, be very careful about what you install on your Mac, because you may not notice when your computer becomes infected.

"Our past analysis of samples known to be linked to APT28 group shows a number of similarities between the Sofacy/APT28/Sednit Xagent component for Windows/Linux and the Mac OS binary that currently forms the object of our investigation."
