Hackers hide money-mining malware in software for macOS

A recent investigation has discovered a crypto-mining malware hidden in the cracked Final Cut Pro program to install pirated on macOS.

Security firm Jamf Threat Labs (Jamf) has spent months tracking down a series of versions of the recently re-emerged malware. Recently, the company discovered that the XMRig command-line tool, specialized for mining cryptocurrencies, was installed in the cracked version of Final Cut Pro software for illegal use.

Final Cut Pro, which is Apple’s video editing program for macOS systems, requires users to buy a license to use. But there is still a certain group of customers who are downloading and installing jailbreaks from online sources for free use. According to Jamf, the “malicious” version of Final Cut Pro ran the XMRig command in the background, using i2p – an anonymous network layer that enables peer-to-peer, censorship-resistant communication – to enforce communication. The malicious code downloads the necessary components for underground operations, secretly digs virtual currency and sends the results to the e-wallet of the person behind.

Specifically, after the user installs the jailbreak Final Cut Pro, the program immediately starts the XMRig command-line download and installation process, then disguises the mining activity under the guise of “mdworker_local” – a process running in the background is used by the default Spotlight search on macOS.

Researchers went to a popular website that specializes in pirating software, movies, music and all kinds of other electronic assets, and found that most of the software installed with cryptomining malware was posted since 2019. They also confirmed macOS Ventura can block suspicious software from running on the machine because the malicious program retains the original character code, only modifying the application, violating the system security policy.

But macOS Venture doesn’t stop the mining malware from executing. When the user launches the program and receives a message that Final Cut Pro has an error that cannot be opened, the malicious code has been installed in the machine.

In order not to turn your device into a free “digger” for others, security experts recommend that users do not use jailbreak software to use pirated copyright. If you don’t want to pay a lot of money to the developer (for example, Final Cut Pro up to 300 USD), users can look to free but still safe options like iMovie or DaVinci Resolve.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.