Apple macOS targeted in latest malware encryption threat

A new wave of crypto-jacking malware is spreading across the Apple ecosystem, specifically targeting the Mac operating system.

Apple lovers often boast that Macs are immune to viruses and malware, but that couldn’t be further from the truth.

According to a report from Apple Insider on February 23, a new elusive crypto-jacking malware strain was discovered on macOS. The malicious software appears to spread through pirated versions of Final Cut Pro, a movie editing suite.

Jamf Threat Labs, a cybersecurity firm for the Apple ecosystem, first discovered the malware. It spent the past few months tracking the malware variants that have recently resurfaced. Similar crypto-jacking malware hit Apple’s operating system in 2018.

The XMRig command-line mining tool was found running in the background of pirated versions of Apple’s $300 video editing suite. In addition, the malware appeared in pirated versions of Adobe Photoshop and Logic Pro, Apple’s music sampling software.

Mac malware on the rise

Once installed, the malware secretly mines cryptocurrency using the infected Macs.

It is also designed to evade detection. Macs have an “Activity Monitor” tool that users can open to see what’s running, and the malware stops operating whenever this tool is opened.
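The evasion behaviour described above is itself a signal defenders can look for: a process that repeatedly exits right after Activity Monitor launches. The following Python example is added here and is not code from Jamf or from the original article; the event tuples, the process name `suspect_helper`, and the thresholds are constructed assumptions standing in for process start/exit telemetry from an endpoint agent.

```python
from collections import defaultdict

MONITOR = "Activity Monitor"

def flag_monitor_evasion(events, window=5.0, min_hits=2):
    """Return names of processes that exit within `window` seconds after
    Activity Monitor starts, on at least `min_hits` separate launches.

    events: iterable of (timestamp_seconds, "start" | "exit", process_name).
    Requiring several launches filters out processes that merely happened
    to quit once around the same time.
    """
    hits = defaultdict(set)   # process name -> monitor launches it reacted to
    last_launch = None
    for ts, kind, name in sorted(events):
        if kind == "start" and name == MONITOR:
            last_launch = ts
        elif kind == "exit" and name != MONITOR and last_launch is not None:
            if 0 <= ts - last_launch <= window:
                hits[name].add(last_launch)
    return sorted(n for n, launches in hits.items() if len(launches) >= min_hits)

# Constructed sample telemetry (not taken from any real infection).
SAMPLE_EVENTS = [
    (10.0,  "start", "suspect_helper"),   # hypothetical background process
    (60.0,  "start", MONITOR),
    (61.2,  "exit",  "suspect_helper"),   # quits 1.2 s after the monitor opens
    (62.0,  "exit",  "Safari"),           # coincidental, happens only once
    (120.0, "exit",  MONITOR),
    (125.0, "start", "suspect_helper"),   # comes back once the monitor is closed
    (300.0, "start", MONITOR),
    (300.8, "exit",  "suspect_helper"),   # same reaction on the second launch
    (400.0, "exit",  "Preview"),          # well outside the 5 s window
    (410.0, "exit",  MONITOR),
]

if __name__ == "__main__":
    for name in flag_monitor_evasion(SAMPLE_EVENTS):
        print(f"exits whenever {MONITOR} opens: {name}")
```

A flagged name is a lead for investigation rather than a verdict; the window and hit count should be tuned against the normal process churn on the fleet.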

In a report explaining the threat, Jamf warned:

“Adware has traditionally been the most prevalent type of macOS malware, but crypto-jacking, a stealthy and large-scale crypto-mining scheme, is becoming increasingly prevalent.”

XMRig uses the Invisible Internet Project (I2P) protocol to communicate. Over this channel, it can also send mined cryptocurrency to the attacker’s wallet.

In addition, the malware tries to trick Mac users into completely disabling Apple’s Gatekeeper protection so that the pirated application will run.

Furthermore, the company’s latest operating system, macOS Ventura, fails to prevent the crypto miner from running. “Users may be unable to rely on their antimalware software to detect the infection — at least for now,” Apple Insider noted.

Avoid knock-offs

Researchers were able to identify the account that distributed the knock-off programs on the peer-to-peer sharing site Pirate Bay. Almost all copied applications shared by a particular user contained crypto-mining malware.

Jamf also found that security vendors on VirusTotal, a malware detection website, did not detect the malware.

Reporting sites advised users to avoid downloading pirated Apple software, which is also good news for the world’s largest company.

Disclaimer

BeInCrypto has reached out to the company or person involved in the story for an official statement on the latest development, but has yet to hear back.
