A new wave of crypto-mining malware is spreading across the Apple ecosystem, targeting macOS in particular.
Apple aficionados often boast that they are immune to viruses and malware, but that couldn’t be further from the truth.
According to a February 23 AppleInsider report, an elusive new strain of crypto-mining malware has been discovered on macOS. The malicious software appears to be spreading via pirated versions of Final Cut Pro, a video editing suite.
Jamf Threat Labs, a cybersecurity company for the Apple ecosystem, first discovered the malware. It has spent the last few months tracking down the malware variants that have recently resurfaced. A similar crypto-stealing malware affected Apple’s operating system in 2018.
The XMRig command-line mining tool was found running in the background of pirated versions of Apple’s $300 video editing suite. Additionally, the malware appeared in pirated versions of Adobe Photoshop and Logic Pro, Apple’s music sampling software.
Apple malware on the rise
Once installed, the malware secretly mines cryptocurrency on the infected Mac.
It is also designed to avoid detection. Macs have an “Activity Monitor” that users can open to see what is running. The malware stops its operations whenever this tool is opened, so the user does not see it.
In a report explaining the threat, Jamf warned:
“Adware has traditionally been the most pervasive type of macOS malware, but crypto-jacking, a stealthy, large-scale crypto mining scheme, is becoming increasingly prevalent.”
XMRig uses the Invisible Internet Project (I2P) communication protocol to communicate. Over that channel, it can also send mined cryptocurrency to the attacker’s wallet.
The malware also tries to trick Mac users into completely disabling Apple’s Gatekeeper protection in order to run the pirated application.
Furthermore, the company’s latest operating system, macOS Ventura, cannot stop the cryptocurrency miner from running. “Users may not be able to trust their anti-malware software to detect the infection – at least for now,” noted AppleInsider.
The researchers were able to identify the account that distributed the spoofed programs on the Pirate Bay peer-to-peer sharing site. Almost all of the pirated apps shared by that user contained crypto-mining malware.
Jamf also found that security vendors on VirusTotal, a malware detection website, did not consider the malware to be malicious.
Media outlets advised users to avoid downloading pirated Apple software, which is also good news for the world’s largest corporation.
BeInCrypto has reached out to the company or individual involved in the story for an official statement on the recent developments, but has yet to hear back.