img HowTosOSX

How to remove Xagent Mac malware

Get a full profile on the Xagent Mac virus, including the infection vectors and its impact, and use cleanup techniques to remove this malware from Mac OS X.

The Xagent Mac malware demonstrates how rapidly cyber espionage is evolving. The original version of this stealth infection targeted devices running Windows, Linux, Android and iOS platforms. It’s not until February 2017 that researchers discovered its Mac edition. The hacker group behind it is believed to be high-profile. According to preliminary verdicts of IT experts who have looked into this issue, Xagent Mac is managed by state-sponsored criminals from Russia. Referred to as APT28 (alias Fancy Bear or Sofacy), the threat actors allegedly have close ties to GRU, Russia’s Main Intelligence Agency. This particular group gained notoriety for compromising the German parliament (Bundestag) and attacking U.S. Democratic National Committee last year.

Xagent Mac virus is affiliated with a Russian hacker group

As it has been mentioned, the top-notch offensive operations of APT28 have recently moved into the Mac OS X realm. Xagent exhibits backdoor properties. It arrives at Mac machines through the use of a sophisticated downloader known as Komplex. When inside, it establishes connection with its Command and Control server to download additional modules behind the scenes. The URLs being reached during this process are camouflaged as domains affiliated with Apple – this is probably an anti-detection trick to circumvent site blacklisting mechanisms. The Xagent components downloaded from the malicious C2furtively identify the target machine’s software and hardware configuration. In particular, the infection harvests information on running processes in order to determine what apps the victim uses and which parts of the system can be exploited as the breach proceeds. That’s only part of the contamination aftermath, though. The backdoor also makes snapshots of the desktop and steals passwords for online-accessible accounts. To add insult to injury, it also finds iPhone backups that are kept on the plagued computer. The entirety of collected data is then exfiltrated to the C&C server.

The blatant information mining operation deployed by Xagent Mac malware is a serious threat to a victim’s identity. Given that the infection is presumably associated with the Kremlin’s intelligence forces, the most likely targets are defense contractors and governments. Data theft, obviously, is a particularly sensitive issue for these organizations. Fortunately, there are Mac security suites capable of detecting and eradicating Xagent. Keep reading this article to learn all the applicable troubleshooting methods.

Xagent manual removal for Mac

The steps listed below will walk you through the removal of this malicious application. Be sure to follow the instructions in the order specified.

• Open up the Utilities folder as shown below

Open up the Utilities

• Locate the Activity Monitor icon on the screen and double-click on it

Locate the Activity Monitor

• Under Activity Monitor, find the entry for Xagent (or other dubious-looking object), select it and click Quit Process

Quit Xagent process

• A dialog should pop up, asking if you are sure you would like to quit the Xagent executable. Select the Force Quit option

• Click the Go button again, but this time select Applications on the list. Find the entry for Xagent on the interface, right-click on it and select Move to Trash. If user password is required, enter it

• Now go to Apple Menu and pick the System Preferences option

Pick the System Preferences

• Select Accounts and click the Login Items button. Mac OS will come up with the list of the items that launch when the box is started up. Locate Xagent or other suspicious entry there and click on the “-“ button

Remove Xagent from Login Items

 

Get rid of Xagent Mac virus using Freshmac automatic removal tool

When confronted with malicious code like the Xagent virus tech support scam on Mac, you can neutralize its toxic impact by leveraging a specially crafted system utility. The Freshmac application (read review) is a perfect match for this purpose as it delivers essential security features along with must-have modules for Mac optimization.

This tool cleans unneeded applications and persistent malware in one click. It also protects your privacy by eliminating tracking cookies, frees up disk space, and manages startup apps to decrease boot time. On top of that, it boasts 24/7 tech support. The following steps will walk you through automatic removal of the Xagent Mac virus infection.

1. Download Freshmac installer onto your machine. Double-click the Freshmac.pkg file to trigger the installer window, select the destination disk and click Continue. The system will display a dialog asking for your password to authorize the setup. Type the password and click Install Software.

Download Freshmac

2. Once the installation has been completed, Freshmac will automatically start a scan consisting of 5 steps. It scans cache, logs, unused languages, trash, and checks the Mac for privacy issues.

Freshmac scan start

3. The scan report will then display your current system health status and the number of issues detected for each of the above categories. Click the Fix Safely button to remove junk files and address privacy issues spotted during the scan.

Freshmac scan report
System Status verdict by Freshmac
Cache Cleanup section of Freshmac scan report
Privacy Cleaner

4. Check whether the Xagent Mac virus has been fixed. If the lock screen is still there, go to the Uninstaller option on Freshmac GUI. Locate an entry that appears suspicious, select it and click Fix Safely button to force-uninstall the unwanted application.

Uninstaller pane

5. Go to Temp and Startup Apps panes on the interface and have all redundant or suspicious items eliminated as well. The Xagent Mac virus fraud shouldn’t be causing any further trouble.

Return

Search