A new wave of crypto-jacking malware is spreading across the Apple ecosystem, targeting the Mac operating system in particular.
Apple aficionados often boast that they are immune from viruses and malware, but they couldn't be further from the truth.
According to a Feb. 23 report by Apple Insider, a new evasive crypto-jacking malware strain was discovered on macOS. The malicious software appears to be spreading through pirated versions of Final Cut Pro, a movie editing package.
Jamf Threat Labs, a cybersecurity firm for the Apple ecosystem, first discovered the malware. It spent the past few months tracking the malware variants that have recently resurfaced. Similar crypto-jacking malware afflicted Apple's operating system in 2018.
The XMRig command line mining tool was found running in the background of copied versions of Apple's $300 video editing suite. Additionally, the malware appeared in pirated versions of Adobe Photoshop and Logic Pro, Apple's music sampling software.
Apple Malware on The Rise
Once installed, the malware secretly mines cryptocurrency using the infected Macs.
It is also designed to evade detection. Apple Macs have an "Activity Monitor" that users can open to see what is running. The malware ceases operations when this tool is activated to avoid detection.
In a report explaining the threat, Jamf warned:
"Adware has traditionally been the most widespread type of macOS malware, but crypto-jacking, a stealthy and large-scale crypto-mining scheme, is becoming increasingly prevalent."
XMRig communicates over the Invisible Internet Project (I2P) protocol. With this, it can also send mined cryptocurrency to the attacker's wallet.
The malware also attempts to trick Mac users into completely disabling Apple's Gatekeeper protection to make the pirated application run.
Furthermore, the company's latest operating system, macOS Ventura, fails to prevent the crypto miner from executing. "Users might be unable to rely on their antimalware software to detect the infection – at least for now," Apple Insider noted.
Avoid Knock-offs
Researchers were able to identify the account that distributed the knock-off programs on the peer-to-peer sharing site Pirate Bay. Almost every copied application shared by a particular user contained crypto-mining malware.
Jamf also discovered that security vendors on VirusTotal, a malware-detecting website, didn't find the malware to be malicious.
Reporting outlets advised users to avoid downloading pirated Apple software, which is also good news for the world's largest corporation.