According to a report released by Apple Insider on Thursday, a new evasive crypto-jacking malware strain is spreading across the Apple ecosystem. The malware is particularly targeting the Mac operating system.
The malicious software appears to be spreading through pirated versions of Final Cut Pro, a movie editing package. Apple aficionados often boast that they are immune from viruses and malware, but recent incidents suggest otherwise.
Sources reveal that Jamf Threat Labs, a cybersecurity firm for the Apple ecosystem, first discovered the malware. Additionally, it spent the past few months tracking the malware variants that have recently resurfaced. The investigation also found that similar crypto-jacking malware affected Apple’s operating system in 2018.
Reportedly, the XMRig command line mining tool was found running in the background of copied versions of Apple’s $300 video editing suite. The malware also appeared in pirated versions of Adobe Photoshop and Logic Pro, Apple’s music sampling software.
XMRig is open-source software designed for mining cryptocurrencies like Monero or Bitcoin. However, it is also commonly abused by cybercriminals, who infect computers with crypto-jackers and use the machines' resources to mine cryptocurrency on the attacker’s behalf.
Once installed, the malware secretly mines cryptocurrency on the infected Macs, and it is designed to evade detection. Macs have an “Activity Monitor” tool that users can open to see what is running on their devices. The malware stops operations when this tool is opened to avoid detection.
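An added example (not from Jamf's report or the original article) of how a defender could look for that behaviour: given periodic process snapshots, it flags processes that are CPU-heavy while Activity Monitor is closed and idle or absent whenever it is open. The snapshot data, the process names and the thresholds are constructed assumptions.

```python
from collections import defaultdict

MONITOR = "Activity Monitor"  # assumed process name of the tool named in the article
BUSY = 50.0                   # assumed %CPU threshold for "working hard"
IDLE = 5.0                    # assumed %CPU threshold for "stopped or idle"

# Constructed sample data: each snapshot maps process name -> %CPU,
# as could be collected periodically from `ps` output.
SNAPSHOTS = [
    {"Final Cut Pro": 180.0, "helper_a": 310.0, "Safari": 8.0},
    {"Final Cut Pro": 175.0, "helper_a": 295.0, "Safari": 4.0},
    {"Final Cut Pro": 182.0, "Safari": 6.0, MONITOR: 3.0},  # helper_a absent
    {"Final Cut Pro": 178.0, "helper_a": 0.0, "Safari": 5.0, MONITOR: 2.5},
    {"Final Cut Pro": 181.0, "helper_a": 305.0, "Safari": 7.0},
]


def monitor_shy_processes(snapshots, min_samples=2):
    """Names that are busy when the monitor is closed and quiet whenever it is open."""
    names = set().union(*snapshots) - {MONITOR}
    busy_unwatched = defaultdict(int)  # busy samples while the monitor is closed
    quiet_watched = defaultdict(int)   # idle or absent samples while it is open
    loud_watched = set()               # active while watched, so not evasive
    for snap in snapshots:
        watched = MONITOR in snap
        for name in names:
            cpu = snap.get(name, 0.0)  # an absent process counts as 0 %CPU
            if watched and cpu <= IDLE:
                quiet_watched[name] += 1
            elif watched:
                loud_watched.add(name)
            elif cpu >= BUSY:
                busy_unwatched[name] += 1
    # Require repeated evidence on both sides to avoid flagging one-off coincidences.
    return sorted(
        n for n in names
        if n not in loud_watched
        and busy_unwatched[n] >= min_samples
        and quiet_watched[n] >= min_samples
    )


if __name__ == "__main__":
    print(monitor_shy_processes(SNAPSHOTS))
```

A legitimately busy application (the constructed "Final Cut Pro" entry) keeps working while Activity Monitor is open, so it is not flagged; only the process that goes quiet under observation is.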
In a report explaining the threat, Jamf stated:
Adware has traditionally been the most widespread type of macOS malware, but crypto-jacking, a stealthy and large-scale crypto-mining scheme, is becoming increasingly prevalent.
XMRig uses the Invisible Internet Project (I2P) communications protocol to communicate. With this, it can also send mined cryptocurrency to the attacker’s wallet. The malware also attempts to trick Mac users into completely disabling Apple’s Gatekeeper protection to make the pirated application run.
Furthermore, the company’s latest operating system, macOS Ventura, fails to prevent the crypto miner from executing. Apple Insider stated:
Users might be unable to rely on their antimalware software to detect the infection — at least for now.
The increasing threats from malicious actors have put users and regulators in a tight spot. The previous year has been anticipated to be largely in favor of crypto hackers and scammers, with huge losses throughout the year.
Immunefi, a bug bounty and security services platform for the Web3 ecosystem, published a report on the losses incurred in the crypto sector in 2022. As per the report, the crypto industry lost $3.9 billion in the previous year. Amongst these losses, hacks were found to be the main cause, accounting for 95.6% of the total, with the remaining 4.4% comprising fraud, scams, and rug pulls.