Malware containing a hijacked version of the open source software XMRig is currently plaguing systems running macOS, mining cryptocurrencies without the knowledge of the computer owner. According to the firm Jamf Threat Labs, the malware is reportedly deployed via pirated versions of software published by Apple, such as Final Cut Pro.
Malware threatens macOS
The security firm Jamf Threat Labs recently discovered malware that operates on macOS in a completely hidden manner, which makes it particularly difficult for security tools to detect.
#JamfThreatLabs latest research on the stealthy #macOS #malware that is delivered through pirated Final Cut Pro apps was featured in @DarkReading. Be sure to stay vigilant and only download apps from trusted sources. https://t.co/TY32al17Zx
—Jamf (@JamfSoftware) February 23, 2023
This is a hijacked version of XMRig, open source software that is normally used harmlessly to mine cryptocurrency, mostly XMR, the cryptocurrency of the Monero blockchain. The malicious version behaves in the same way as the original software: it uses the computer's resources (CPU and GPU) to mine cryptocurrencies.
But in this case, the malware (containing XMRig) is installed without the knowledge of the owner of the infected computer, and the mined cryptocurrencies are then sent to the person who deployed the malware. According to Jamf Threat Labs, the XMRig malware has only been detected very recently, and very few security solutions are able to isolate it.
Why is this malware exclusive to macOS? Because it reportedly comes mainly from an illegal version of Final Cut Pro, video editing software published by Apple. More specifically, the torrents concerned reportedly come from the site The Pirate Bay, which also offers certain versions of Adobe Photoshop and Logic Pro that are potentially infected, among others.
According to the security firm, the malware was designed to be invisible to Spotlight, the file search engine built into macOS, by passing off the mining process as a legitimate one.
How to deal with the XMRig malware?
Apple product owners can be reassured: if your operating system is up to date, you are most likely out of danger. Indeed, as Jamf Threat Labs reports, the macOS Ventura update introduced last October (for Apple hardware with an Apple Silicon chip) prevents the infected program from launching, thanks to the many security fixes included in this release.
However, although the infected version of the software is unable to launch, the malware itself still manages to. This is why, if a user of an illegal version of Final Cut Pro sees an error message when launching the software, it is likely that XMRig has been launched covertly.
The malware was designed to launch at the same time as the infected software, so the latter has to be started for it to run. The cryptocurrency miner then runs invisibly, and the mined crypto is transferred to the malicious individual via the anonymous I2P network.
Note that if you are potentially affected by this malware, one of the easiest ways to find out is to check whether your computer becomes very slow after launching Final Cut Pro. Indeed, the XMRig malware reportedly consumes 70% of the CPU power, which immediately slows the system down significantly.
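The slowdown check above can be made more precise by looking at which process is consuming the CPU and where it runs from. The following is an added example, not code from the article or from Jamf Threat Labs: it triages a process listing for a miner that hides behind a legitimate-looking name. The daemon-name list, the path prefixes, the 50% threshold and the sample listing are all assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the article): triage of a process listing for a hidden miner.
# Input format is that of `ps -axo pid=,pcpu=,comm=` on macOS, where comm is the
# executable path. Name list, path prefixes and threshold are assumptions.

# Constructed sample listing; PIDs, paths and CPU figures are invented.
sample_ps() {
  cat <<'EOF'
  312   1.2 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Support/mds
 4410  68.9 /private/tmp/mdworker_shared
 4502  71.3 /Applications/Final Cut Pro.app/Contents/MacOS/Final Cut Pro
 4777   0.4 /Users/alice/Library/Caches/mds_stores
 5020  55.0 /usr/bin/python3
 5100  72.0 /Users/Shared/.cache/helper
 5200   3.0 /private/var/folders/ab/T/updater
EOF
}

# flag_suspects [MIN_CPU]: reads a listing on stdin, prints PID, %CPU, reason, path.
flag_suspects() {
  awk -v min_cpu="${1:-50}" '
    BEGIN {
      # Names of Spotlight daemons that should only ever run from OS-owned paths.
      n = split("mds mds_stores mdworker mdworker_shared", names, " ")
      for (i = 1; i <= n; i++) sysname[names[i]] = 1
    }
    NF >= 3 {
      pid = $1; cpu = $2 + 0
      # The path may contain spaces, so strip the two numeric columns instead of using $3.
      path = $0; sub(/^[ \t]*[0-9]+[ \t]+[0-9.]+[ \t]+/, "", path)
      base = path; sub(".*/", "", base)
      trusted  = (path ~ "^/(System|bin|sbin|usr/(bin|sbin|libexec))/")
      writable = (path ~ "^/(private/)?(tmp|var/tmp|var/folders)/" ||
                  path ~ "^/Users/([^/]+/Library|Shared)/")
      if ((base in sysname) && !trusted)
        reason = "system-name-outside-system-path"   # masquerading, any CPU level
      else if (cpu >= min_cpu + 0 && writable)
        reason = "high-cpu-from-writable-path"       # heavy load from a drop location
      else
        next   # e.g. a real editor rendering from /Applications is left alone
      printf "%s\t%.1f\t%s\t%s\n", pid, cpu, reason, path
    }'
}

sample_ps | flag_suspects 50
```

On a live Mac the same function can be fed with `ps -axo pid=,pcpu=,comm= | flag_suspects 50`; a hit is a lead for further inspection, not proof of infection.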
Source: Jamf Threat Labs