Pirated copies of a popular video editing software tool for Mac devices have been found distributing malware (opens in new tab) on torrent sites.
Researchers from Jamf Threat Labs stumbled upon an instance of XMRig - a popular cryptocurrency miner that’s often used in cryptojacking attacks, disguised as Apple’s Final Cut Pro offering.
Cryptojacking is essentially device hijacking, where a threat actor installs a miner and sends all of the generated tokens to an address they own. It’s called hijacking because when a miner is running, it usually takes up all of the device’s computing power, rendering it useless for pretty much anything else.
Hiding from antiviruses
Deeper analysis by Jamf determined that it was a pirated version of Final Cut Pro, modified to run XMRig in the background.
While XMRig is usually picked up by antivirus programs, this variant somehow remained under the radar. At the time of their report (opens in new tab), the researchers said, VirusTotal was still not recognizing the pirated Final Cut Pro version as malicious.
The program was being distributed through Pirate Bay, the researchers added, as Pirate Bay is one of the world’s most popular torrent sites, and the user that uploaded it is a “well-known uploader”.
> This new Linux malware floods machines with cryptominers and DDoS bots (opens in new tab)
> Windows and Linux servers turned into crypto miners (opens in new tab)
> Check out the best firewalls right now (opens in new tab)
Commenting on the discovery, Apple told 9To5Mac: “We continue to update XProtect to block this malware, including the specific variants cited in JAMF’s research. Additionally, this malware family does not bypass Gatekeeper protections. The Mac App Store provides the safest place to get software for the Mac. For software downloaded outside the Mac App Store, Apple uses industry-leading technical mechanisms, such as the Apple notary service and XProtect, to protect users by detecting malware and blocking it so it can’t run.”
As usual, the best way to protect against these threats is to only download legal software, from legitimate sources. Torrents, cracks and keygens, and other illegal software found online are filled with viruses and malware. To keep the endpoints protected, one can also install an antivirus program, a firewall, and set up multi-factor authentication whenever possible.
- Here are the best endpoint protection software (opens in new tab) today
Via: 9To5Mac (opens in new tab)