UPDATED 09:00 EDT / FEBRUARY 23 2023

Largely undetected malware family targets pirated macOS applications

Security researchers at Apple Inc. enterprise management firm Jamf Holding Corp. today detailed a largely undetected family of malware that infects pirated macOS applications to mine cryptocurrency secretly.

The malware repurposes XMRig, an open-source command-line cryptomining tool that is commonly used for legitimate purposes, for malicious ends. The researchers first found it bundled in a pirated copy of Apple’s video editing software Final Cut Pro.

At the time of the discovery, the sample was not being detected as malicious by any security vendor on VirusTotal, a free service that analyzes files and URLs for viruses, worms, trojans and other kinds of malicious content. Some vendors were later noted as detecting the malware in January, but some of the maliciously modified applications continue to go unidentified.

A cracked version of Final Cut Pro is not much of a concern by itself, but the researchers dug further and identified that the malware was using the Invisible Internet Project for communication. I2P is a private network layer that anonymizes traffic, making it a less conspicuous alternative to the similar and better-known Tor network.

Looking for other examples of malware using I2P, the researchers traced related samples and discovered a reference to a similar case reported by Trend Micro Inc. in early February: a pirated Mac version of Adobe Photoshop. The key similarity is that both the malicious versions of Final Cut Pro and Photoshop tracked back to the same person, who has a years-long record of sharing pirated software on The Pirate Bay.

“This discovery presented a rare opportunity to trace the evolution of a malware family,” researchers explain. “What started as a rudimentary and conspicuous scheme had iterated through three distinct stages of evolution into something with creative evasion techniques. As far as we could tell, only samples from the first generation of this malware family have been reported on.”

Interestingly, the pirated version of Final Cut Pro does not work in macOS Ventura because of a coding error in the malware, but that is an error that will likely be fixed in future releases of the malware.

The researchers warn that, because cryptomining requires a significant amount of processing power, the ongoing advances in Apple’s Arm-based processors are likely to make macOS devices even more attractive targets for cryptojacking in the future.
