Hacked copies of Final Cut Pro have been plagued with Mac malware

Pirated copies of a popular video-editing tool for Mac devices that distribute malware have been found on torrent sites.

Jamf Threat Labs researchers came across an instance of XMRig, a popular cryptocurrency miner often used in cryptojacking attacks, disguised as Apple's Final Cut Pro offering.

Cryptojacking is essentially device hijacking, where a malicious actor installs a miner and sends each and every generated token to an address they own. It is called hijacking because once a miner is running, it typically consumes all of the device's computing power, rendering the device useless for pretty much everything else.

Hide from antivirus

A subsequent analysis by Jamf determined that it was a pirated version of Final Cut Pro, modified to run XMRig in the background.

Although antivirus programs usually notice XMRig, this variant has gone somewhat under the radar. At the time of their report, the researchers claimed that VirusTotal still did not recognize the hacked version of Final Cut Pro as malicious.

The program was distributed through Pirate Bay, the researchers added, noting that Pirate Bay is one of the most popular torrent sites on the planet and that the user who downloaded it is a "known downloader."

Commenting on the discovery, Apple told 9To5Mac: "We are continuing to update XProtect to block this malware, including the specific variations cited in JAMF research. In addition, this family of malware does not bypass Gatekeeper protections. The Mac App Store is the safest place to get Mac software. For software downloaded outside of the Mac App Store, Apple uses state-of-the-art technical mechanisms, such as Apple Notary Service and XProtect, to protect users by detecting and blocking malware so that it cannot be executed."

As usual, the best way to guard against these threats is to download only legal software from legitimate sources. Torrents, cracks, keygens and other illegal software found online are full of viruses and malware. To protect endpoints, you can also install an antivirus program and a firewall, and configure multi-factor authentication whenever possible.

Via: 9To5Mac