A new kind of crypto-mining malware for Apple's macOS has been discovered, and it spreads through illegal copies of Final Cut Pro, according to a report.
During the last several months, Jamf Threat Labs has been monitoring a reemerging family of malware. According to AppleInsider, the security community is familiar with a previous variant, but the latest version has evaded detection so far.
The Crypto-mining Virus
In the course of its usual monitoring, Jamf became aware of XMRig, a command-line program used for cryptocurrency mining. While XMRig is often used for legitimate purposes, its adaptable, open-source nature has also made it a popular choice for malicious actors.
The malicious software was discovered in pirated copies of Apple's Final Cut Pro video editing program. The XMRig background process was active in this rogue build of Final Cut Pro.
The malware communicates over the Invisible Internet Project (i2p), a private network layer that may conceal user identities. It uses i2p to download further malicious code and to send whatever cryptocurrency it mines to the cybercriminal.
Jamf looked into the infamous file-sharing site The Pirate Bay. They picked the most popular torrent from the last several days and discovered it was infected after downloading it.
The malware and all previously reported samples originated with the source or uploader. Almost all of the many new uploads that began in 2019 were tainted with a malicious payload to stealthily mine bitcoin.
The virus and the XMRig command-line components are downloaded and installed as soon as the compromised Final Cut Pro software is installed. The mining is masked as a "mdworker_local" process.
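A defender-side triage check for the process masquerading described above, as an added example that is not from Jamf's report or the original article: it flags processes named mdworker_local whose executable is not under /System/Library/. The trusted prefix, the `ps -axo pid,pcpu,comm` column layout and the sample lines are assumptions constructed for illustration.

```python
import posixpath

# Name the article says the miner hides behind.
MASQUERADED_NAME = "mdworker_local"
# Assumption: genuine Spotlight workers are Apple binaries under /System/Library/.
TRUSTED_PREFIX = "/System/Library/"

# Constructed sample of `ps -axo pid,pcpu,comm` output (not from a real host;
# the paths are illustrative placeholders).
SAMPLE_PS = """\
  PID  %CPU COMM
  412   0.3 /System/Library/Frameworks/Example.framework/Support/mdworker_local
  977  96.4 /private/tmp/example dir/mdworker_local
 1204   1.1 /Applications/Safari.app/Contents/MacOS/Safari
 1310  88.0 mdworker_local
"""

def parse_ps(text):
    """Yield (pid, cpu, path) tuples from `ps -axo pid,pcpu,comm` output."""
    for line in text.splitlines()[1:]:      # skip the header row
        parts = line.split(None, 2)         # the path itself may contain spaces
        if len(parts) != 3:
            continue
        pid, cpu, path = parts
        try:
            yield int(pid), float(cpu), path.strip()
        except ValueError:
            continue                        # ignore malformed rows

def suspicious(text):
    """Return processes using the masqueraded name outside the trusted prefix."""
    hits = []
    for pid, cpu, path in parse_ps(text):
        if posixpath.basename(path) != MASQUERADED_NAME:
            continue
        # normpath collapses "../" segments before the prefix comparison,
        # so a path that merely starts with the trusted prefix is not accepted.
        if not posixpath.normpath(path).startswith(TRUSTED_PREFIX):
            hits.append({"pid": pid, "cpu": cpu, "path": path})
    return hits

if __name__ == "__main__":
    for hit in suspicious(SAMPLE_PS):
        print(f"review pid={hit['pid']} cpu={hit['cpu']} path={hit['path']}")
```

A hit is a lead for review rather than a verdict; the process name alone does not distinguish the miner from the system's own worker.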
Safeguarding Your PC
The researchers report that the malicious program may be prevented from running on macOS Ventura. This is because the malicious software maintains the application's original code signing but makes changes that cause it to no longer comply with the system's security requirements.
However, the miner may still run without interference on macOS Ventura. Hence, the virus is already present by the time the user sees an error message stating that Final Cut Pro is broken and cannot be opened.
Only cracked copies of Logic Pro and Final Cut Pro were found to display the error message. On macOS Ventura 13.2 and earlier, however, a pirated version of Photoshop was able to run both the malicious and the functional components successfully.
Avoiding infection is as simple as avoiding downloading illegal software. Final Cut Pro costs $299.99, whereas iMovie and DaVinci Resolve are both free.
During the investigation, Jamf determined that the malware sample had not been flagged as dangerous by any security vendors on VirusTotal. Several undisclosed vendors seemed to have begun identifying the virus in January, but some maliciously modified apps still manage to evade detection.