When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Beware: Cryptojacking malware hiding behind pirated Final Cut Pro downloads

Photo by Michael Geiger on Unsplash

Think twice before downloading Apple's Final Cut Pro video editing app on sketchy torrent sites, as your Mac might get infected with cryptojacking malware.

Security researchers at Jamf Threat Labs discovered a cryptojacking campaign targeting macOS users with a version of Final Cut Pro injected with a cryptominer. The rogue variant, along with other apps like Adobe Photoshop and Logic Pro X, were being distributed by a user named wtfisthat34698409672 on The Pirate Bay, a popular torrenting website.

One of the most notable features of the cryptojacking malware is its ability to execute the XMRig utility, an open-source software that mines for Monero cryptocurrency. It also receives updates regularly to better evade security solutions. For instance, when security tools finally detected the malware's original version, the threat actor launched a new version in 2021 that contained hidden executables in the app bundle.

A third version was introduced later on, which was capable of disguising its malicious processes as system processes on macOS's Spotlight to evade detection. The latest version even contains a script that constantly checks for the Activity Monitor. If the program is running, the malware will terminate all of its processes to avoid detection.

In its blog, Jamf Threat Labs emphasized the abilities of macOS's latest version Ventura when it comes to fighting such a threat. It stated:

"The more stringent codesigning checks in Ventura verify that all notarized apps are correctly signed and have not been modified by unauthorized processes, even after the first launch. This is an improvement from previous versions of macOS, where Gatekeeper would only validate applications during their initial launch and would regard the file as trusted once it was successfully launched."

As such, if the rogue version of Final Cut Pro is launched on Ventura, the program will fail to open as it has been modified by the threat actor with malicious code. However, in Jamf's test, the cryptominer can still run, so a user's computer will get infected with malware anyway.

To protect your Mac from malware, refrain from downloading apps from untrusted sources as they may contain malware. Do not open links or attachments from suspicious emails either.

Source: Jamf Threat Labs

Report a problem with article
Motorola Defy Satellite Link
Next Article

Motorola's latest gadget enables satellite messaging on any smartphone

The updated now removed Snap Layouts UI in Windows 11 build 25300
Previous Article

Microsoft disables updated Snap Layouts in Windows 11 build 25300, quotes unnamed issues

Join the conversation!

Login or Sign Up to read and post a comment.

2 Comments - Add comment