Feb 24, 2023 14:00:00

Malware that infects Mac and mines virtual currency without permission is installed in pirated version ``Final Cut Pro''

A pirated version of

Final Cut Pro , a video editing software for macOS, contains cryptojacking malware that uses the device's resources to mine cryptocurrency without the user's permission, cybersecurity firm Jamf Threat reports. Labs reported. The malware discovered this time has a sophisticated detection avoidance system and was not detected by most security software.

Beware of macOS cryptojacking malware.
https://www.jamf.com/blog/cryptojacking-macos-malware-discovered-by-jamf-threat-labs/

Pirated Final Cut Pro infects your Mac with cryptomining malware
https://www.bleepingcomputer.com/news/security/pirated-final-cut-pro-infects-your-mac-with-cryptomining-malware/

Mac cryptomining malware found in pirate copies of Final Cut Pro
https://9to5mac.com/2023/02/23/mac-cryptomining-malware/

Cryptojacking malware is malware that makes unauthorized use of the computing resources of an infected device to mine cryptocurrency without the user's knowledge. Mining cryptocurrencies requires significant processing power, making macOS devices attractive targets for cryptojacking malware as Apple's Mac chips continue to advance. .

One day, a research team at Jamf Threat Labs detected a cryptojacking malware that uses XMRig , a cryptocurrency mining tool. Originally, XMRig was published as a legitimate cryptocurrency mining tool, but due to its adaptability and open source, it is also widely used by malicious actors.

The cryptojacking malware detected by Jamf Threat Labs was installed in a pirated version of Final Cut Pro, a video editing software for macOS. Users who uploaded pirated versions with malware have been uploading pirated software for macOS, including Photoshop and Logic Pro , since 2019, all of which contained malware for cryptocurrency mining.

The research team's analysis shows that the cryptojacking malware in pirated Final Cut Pro has evolved through three major stages of development. The first generation, which appeared in 2019, avoided detection by anonymizing malware

C&C communications , and the second generation, which appeared in April 2021, hid executable files in app bundles.

And in the third generation, which appeared in October 2021, a function that disguises malicious processes as macOS desktop search functions and Spotlight system processes, and a macOS performance monitoring tool, Activity Monitor , are running every 3 seconds. It also has a function to check whether the activity monitor is running and terminate the malicious process as soon as it is found. The combination of these means that even if a user suspects that their device is running slow, they can't find malware in Activity Monitor.

In addition, macOS Ventura, released in October 2022, introduced a strict code signature check, which can detect changes in pirated Final Cut Pro and block the application, but at the time of blocking, malware has already been installed. It is said that it is. Technology media Bleeping Computer says, ``In conclusion, most pirated software is infected with malware and adware, so we recommend that you do not download pirated software from P2P networks.''

'We continue to update XProtect to block this malware, including specific variants cited in Jamf's research , ' Apple told tech media 9to5Mac. We don't bypass it, the Mac App Store is the safest place to get software for your Mac.'