Summary:
- Pirated software contained XMRig, a crypto-jacking malware.
- Malware is extremely difficult to identify.
- It won’t be stopped from operating by macOS Ventura.
The Apple ecosystem is being infected by a fresh wave of crypto-jacking malware that specifically targets the Mac operating system.
Apple enthusiasts frequently exclaim that their products are resistant to malware and viruses, yet this couldn’t be further from the truth.
Apple Insider reported on February 23 that a new evasive crypto-jacking malware strain has been discovered on macOS. The dangerous malware appears to be spread via unlicensed copies of the movie editing software Final Cut Pro.
The malware was recently discovered by Jamf Threat Labs, a cybersecurity company for the Apple ecosystem. It has been tracking recently emerged malware variants over the past few months. In 2018, a similar crypto-jacking malware attack affected Apple’s operating system.
Copies of Apple’s $300 video editing software were found to be running the XMRig command line mining tool in the background. Moreover, pirated editions of Apple’s Logic Pro music sample program and Adobe Photoshop both contained spyware.
#JamfThreatLabs latest research on the stealthy #macOS #malware that is delivered through pirated Final Cut Pro apps was featured in @DarkReading. Be sure to stay vigilant and only download apps from trusted sources. https://t.co/TY32al17Zx
— Jamf (@JamfSoftware) February 23, 2023
Apple Malware Is Growing
As soon as it’s installed, the spyware starts exploiting the infected Macs to secretly mine cryptocurrencies.
It is also designed to avoid detection. Users can view the processes running on their Apple Macs by opening the “Activity Monitor.” When this tool is opened, the malware stops operating so that it does not show up in the process list.
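The evasion described above (the miner stops whenever Activity Monitor is open) leaves a pattern a defender can look for in periodic process snapshots. The Python below is an added example, not Jamf's tooling or code from the original article; the snapshot format, the function name `monitor_evasive` and the process name `helper_x` are assumptions constructed for illustration.

```python
from itertools import groupby

MONITOR = "Activity Monitor"  # the macOS tool the article says the miner watches for

# Constructed sample: (time, set of running process names), as an endpoint agent
# might record once a minute. "helper_x" is a made-up name for the hidden miner.
SNAPSHOTS = [
    ("10:00", {"Finder", "Final Cut Pro", "helper_x"}),
    ("10:01", {"Finder", "Final Cut Pro", "helper_x", "Safari"}),
    ("10:02", {"Finder", "Final Cut Pro", "Safari", MONITOR}),
    ("10:03", {"Finder", "Final Cut Pro", MONITOR}),
    ("10:04", {"Finder", "Final Cut Pro", "helper_x"}),
    ("10:05", {"Finder", "Final Cut Pro", "helper_x", "Safari"}),
    ("10:06", {"Finder", "Final Cut Pro", MONITOR}),
    ("10:07", {"Finder", "Final Cut Pro", "helper_x", "Safari"}),
]


def monitor_evasive(snapshots, monitor=MONITOR, min_cycles=2):
    """Return processes that vanish while `monitor` is open and return afterwards.

    A process is reported only if it completed at least `min_cycles` such
    vanish/return cycles and was never observed alongside the monitor.
    """
    # Collapse consecutive snapshots into runs with the monitor open or closed.
    runs = [(is_open, [procs for _, procs in grp])
            for is_open, grp in groupby(snapshots, key=lambda s: monitor in s[1])]
    cycles, seen_with_monitor = {}, set()
    for i, (is_open, run) in enumerate(runs):
        if not is_open:
            continue
        during = set().union(*run) - {monitor}
        seen_with_monitor |= during
        if i == 0 or i == len(runs) - 1:
            continue  # a full cycle needs a monitor-closed run on both sides
        before = runs[i - 1][1][-1]            # last snapshot before it opened
        after = set().union(*runs[i + 1][1])   # anything seen after it closed
        for name in (before & after) - during:
            cycles[name] = cycles.get(name, 0) + 1
    return sorted(name for name, count in cycles.items()
                  if count >= min_cycles and name not in seen_with_monitor)


if __name__ == "__main__":
    print(monitor_evasive(SNAPSHOTS))
```

The `min_cycles` threshold and the "never seen with the monitor" rule keep an application the user happened to quit once, such as Safari in the sample, from being reported.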
Jamf issued a warning in a report outlining the danger:
Adware has traditionally been the most wide-ranging kind of malware for macOS, but crypto-jacking, a sneaky and massive crypto-mining scam, is on the rise.
XMRig communicates over the Invisible Internet Project (I2P), a communications protocol. This also enables it to transfer the mined currency to the attacker’s wallet.
Additionally, in order to enable the pirated application to run, the malware tries to mislead Mac users into completely removing Apple’s Gatekeeper protection.
However, Apple’s most recent operating system, macOS Ventura, fails to stop the crypto miner from operating. According to Apple Insider, “Users might not be able to rely on their antimalware software to identify the virus – at least for the time being.”
Avoid knock-offs
Researchers identified the account that distributed the pirated software on the peer-to-peer file-sharing website Pirate Bay. More often than not, the applications shared by that user contained malware that was used for cryptocurrency mining.
Jamf also found that security vendors on the malware-detection website VirusTotal failed to flag the malware as malicious.
The world’s largest corporation will benefit from customers being told to refrain from downloading pirated copies of Apple software, according to reporting outlets.