Report Unveils Crypto-Mining Malware Targeting Mac Users
A recent report reveals that crypto-mining malware is targeting Apple's macOS users, secretly mining cryptocurrency and transferring the mined assets to the attacker's wallets.
According to an extensive report published on Thursday by Jamf Threat Labs, a Minneapolis-based digital security company that works for Apple, the crypto-jacking malware secretly runs XMRig, a command-line crypto-mining tool, and is reaching Apple devices through pirated versions of Apple-developed video editing software.
Check out our latest blog post authored by @mattbenyo on a family of #malware Jamf Threat Labs has been following that resurfaced and has been operating undetected, despite an earlier iteration being a known quantity to the #security community. https://t.co/PrY6nZfJ6S
— Jamf (@JamfSoftware) February 23, 2023
XMRig Proliferates Through Pirated Final Cut Pro
According to the report, when investigated further, the team was shocked to discover that this crypto-mining malware was being “executed under the guise of the Apple-developed video editing software, Final Cut Pro.”
The team searched on a Pirate Bay mirror and downloaded the most recent torrent of the pirated Final Cut Pro. The analysis of the pirated version of the video editing software unmasked a modification unauthorized by Apple. This modification was designed to run XMRig in the background.
The report notes that,
“While XMRig is commonly used for legitimate purposes, its adaptable, open-source design has also made it a popular choice for malicious actors.”
The increasing computational power of Apple processors is making macOS devices a prime target for crypto-mining malware.
“This malware makes use of the Invisible Internet Project (i2p) for communication. i2p is a private network layer that anonymizes traffic, making it a less noticeable alternative to Tor. This malware uses i2p to download malicious components and send mined currency to the attacker’s wallet.”
Furthermore, the malware is hard to spot and actively evades detection. Even though this i2p malware family had been discovered before, this particular variant slipped past modern detection techniques because it was disguised as a system process.
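A miner that hides behind a system process name still has to live somewhere on disk and still has to burn CPU. The following triage script is an added example (it is not from the Jamf report and does not reproduce the malware's real process names): it parses the output of `ps -axo pid=,ppid=,pcpu=,comm=` on macOS and flags processes that carry a well-known system daemon name but run from outside Apple's system directories, or that sit at sustained high CPU outside those directories. The set of daemon names, the CPU threshold and the sample process list are assumptions constructed for the example.

```python
"""Triage macOS process listings for masqueraded crypto-miners.

Added example, not code from the Jamf report. Heuristics, names and the
sample ps output below are constructed for illustration.
"""
import re
from dataclasses import dataclass

# Locations where Apple-shipped binaries live; a "system" name elsewhere is suspect.
SYSTEM_DIRS = ("/System/", "/usr/", "/bin/", "/sbin/", "/Library/Apple/")

# Illustrative daemon names an intruder might imitate (assumption, not from the report).
SYSTEM_NAMES = {"launchd", "coreaudiod", "WindowServer", "kernel_task", "mds"}

# A miner pegs cores for long stretches; a one-off spike would need repeated sampling.
HIGH_CPU = 80.0  # percent

# Matches `ps -axo pid=,ppid=,pcpu=,comm=` rows; comm= prints the full executable path.
PS_LINE = re.compile(r"^\s*(\d+)\s+(\d+)\s+([\d.]+)\s+(.+?)\s*$")


@dataclass
class Proc:
    pid: int
    ppid: int
    cpu: float
    path: str

    @property
    def name(self):
        # Basename of the executable, which is what Activity Monitor shows the user.
        return self.path.rsplit("/", 1)[-1]


def parse_ps(text):
    """Turn raw ps output into Proc records, skipping lines that do not match."""
    procs = []
    for line in text.splitlines():
        m = PS_LINE.match(line)
        if m:
            procs.append(Proc(int(m[1]), int(m[2]), float(m[3]), m[4]))
    return procs


def in_system_dir(path):
    return path.startswith(SYSTEM_DIRS)


def triage(procs):
    """Return (pid, reason) pairs for processes worth a closer look."""
    findings = []
    for p in procs:
        # A system daemon name with a non-system path is the classic masquerade.
        if p.name in SYSTEM_NAMES and not in_system_dir(p.path):
            findings.append((p.pid, "system-name-outside-system-dir"))
        # Mining workloads run hot; legitimate system daemons rarely do for long.
        if p.cpu >= HIGH_CPU and not in_system_dir(p.path):
            findings.append((p.pid, "sustained-high-cpu"))
    return findings


# Constructed sample: a genuine launchd and coreaudiod, a video editor doing light work,
# and a child of that editor that borrows a daemon name from a user-writable cache dir.
SAMPLE_PS = """\
    1     0  0.3 /sbin/launchd
  118     1  0.9 /usr/sbin/coreaudiod
  655     1  4.1 /Applications/Final Cut Pro.app/Contents/MacOS/Final Cut Pro
 3271   655 97.5 /Users/alice/Library/Application Support/.cache/coreaudiod
"""


def run_sample():
    """Triage the constructed sample; returns the findings list."""
    return triage(parse_ps(SAMPLE_PS))


if __name__ == "__main__":
    # On a real Mac: ps -axo pid=,ppid=,pcpu=,comm= | python3 triage.py
    import sys
    source = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_PS
    for pid, reason in triage(parse_ps(source)):
        print(f"pid {pid}: {reason}")
```

Both heuristics fire on the constructed process 3271 and nothing else, which is the point of combining them: a name check alone misses a miner with an invented name, and a CPU check alone flags every render job in Final Cut Pro, but a system name outside `/usr` or `/System` that is also pinning a core deserves a look at its parent and its binary on disk.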
Even Cold Wallets are not Safe
These types of crypto-focused malware are extremely dangerous, as they can even compromise cold non-custodial wallets. Last year, a malware strain dubbed Erbium was reported to be targeting crypto wallets offered as browser extensions.
Popular non-custodial wallets like Exodus, Atomic, and Bytecoin were reportedly infected by Erbium. Likewise, this kind of crypto-jacking malware can compromise cold wallets offered as desktop or mobile applications.
Crypto users have to be highly vigilant as the rising popularity of cryptocurrencies has made this sector a prime target of malicious actors.