Mac malware alert – “OfficeNote”

Malware app "OfficeNote" icon.

Do not install the fake macOS app “OfficeNote”.

It will install the “XLoader” information stealer and botnet malware.

The malware app “XLoader” has been around since 2015, with the first Mac version appearing in 2021. While previous versions could only attack Mac’s with Java installed, the newest version has circumvented this restriction, and is now able to infect any Mac.

It disguises itself as an app called “OfficeNote” (using the icon shown above), distributed in an Apple disk image called “OfficeNote.dmg”. The installer displays an error message, saying it failed, but in reality XLoader silently infects the Mac. XLoader will attempt to steal information from your Mac, and additionally make it part of a botnet, i.e. conscript your Mac into being part of a network of machines which can be used by hackers to attack other targets.

Contact your IT department or Managed Service Provider if you think your Mac might be infected.

Contact us