
Researchers discover frightening new strain of macOS malware

Published Feb 23rd, 2023 3:20PM EST

There’s a new piece of malware floating around that specifically targets macOS users. Now, before you get up in arms and rush to update your operating system — which you should do periodically regardless — it’s worth mentioning that this particular piece of malware is embedded in pirated versions of Final Cut Pro. In other words, if you’re not using torrent sites, you have nothing to worry about.

How researchers discovered the macOS malware

The threat was first unearthed by Jamf Threat Labs. The company notes that during some routine security monitoring, they stumbled across a crypto-mining tool that operated in the background when running a pirated version of Final Cut Pro.

The company adds:

Further investigation revealed that this malicious version of Final Cut Pro contained a modification unauthorized by Apple that was executing XMRig in the background. At the time of our discovery, this particular sample was not detected as malicious by any security vendors on VirusTotal. Since January 2023, a handful of vendors have detected the malware. However, many of the malicious applications continue to go unidentified by most vendors.

Interestingly, the report notes that because Apple hardware continues to improve at an impressive clip, the macOS platform is becoming a more attractive target for crypto-mining malware.

Of course, it should go without saying that if you’re trying to keep your system as clean as possible, stay off torrent sites. To this point, researchers found that the most popular versions of pirated Final Cut Pro files were all infected with the aforementioned malware.

Crypto-mining malware is becoming more sophisticated

Subsequent versions of the malware in question are getting much better at avoiding detection by antivirus software. Put simply, you can’t offset the risks of using torrent sites with antivirus software.

For example, researchers note that the malware embedded within Final Cut Pro is constantly checking to see what processes are running. The reason? It wants to avoid detection in the Activity Monitor app.

If it finds the Activity Monitor, it immediately terminates all of its malicious processes. As a result, if the victim notices that their CPU is running hotter than normal while unwittingly mining crypto for the attacker, and opens the Activity Monitor to confirm their suspicion, the malware stops its activity and hides until the next time the victim launches the application.
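The behavior described above leaves a trace a defender can look for: a long-running process that exits within seconds of Activity Monitor starting, and does so more than once. The following Python is an added example, not code from Jamf or from this article; the event tuple format, the sample paths and the thresholds are constructed assumptions standing in for whatever process telemetry an endpoint agent records.

```python
from collections import defaultdict

MONITOR = "Activity Monitor"  # matched on the executable's basename
# Constructed paths and events; the (ts, type, pid, path) shape is an assumption.
HELPER = "/Applications/Example Editor.app/Contents/Resources/helper"
NOTES = "/Applications/Example Notes.app/Contents/MacOS/Example Notes"
AM = "/System/Applications/Utilities/Activity Monitor.app/Contents/MacOS/" + MONITOR
SAMPLE_EVENTS = [
    (0.0, "exec", 101, HELPER), (0.0, "exec", 102, NOTES),
    (290.0, "exec", 103, "/usr/bin/example-indexer"),
    (300.0, "exec", 500, AM),
    (301.2, "exit", 101, HELPER),                      # long-running, exits on launch
    (302.0, "exit", 103, "/usr/bin/example-indexer"),  # short-lived: ignored
    (303.0, "exit", 102, NOTES),                       # a single coincidence
    (350.0, "exit", 500, AM),
    (1000.0, "exec", 201, HELPER),
    (1400.0, "exec", 900, AM),
    (1400.8, "exit", 201, HELPER),                     # same pattern a second time
]

def basename(path):
    return path.rsplit("/", 1)[-1]

def evasive_exits(events, window=5.0, min_runtime=60.0, min_hits=2):
    """Return {path: hits} for executables that ran at least `min_runtime`
    seconds and exited within `window` seconds after Activity Monitor
    started, on at least `min_hits` separate occasions."""
    started = {}         # pid -> (path, exec timestamp)
    monitor_starts = []  # timestamps of Activity Monitor launches seen so far
    hits = defaultdict(int)
    for ts, kind, pid, path in sorted(events, key=lambda e: e[0]):
        if kind == "exec":
            started[pid] = (path, ts)
            if basename(path) == MONITOR:
                monitor_starts.append(ts)
        elif kind == "exit" and pid in started:
            exe, t0 = started.pop(pid)
            if basename(exe) == MONITOR:
                continue  # the monitor's own exit is not interesting
            near_launch = any(0 <= ts - m <= window for m in monitor_starts)
            if near_launch and ts - t0 >= min_runtime:
                hits[exe] += 1
    return {exe: n for exe, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    print(evasive_exits(SAMPLE_EVENTS))
```

Requiring repeated hits and a minimum runtime keeps ordinary short-lived helpers and one-off coincidences out of the result.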

As a final point, many people assume that Macs are impervious to malware. However, that’s not exactly the case. Apple certainly prioritizes user security. Still, malware remains less of an issue for Macs because malicious actors typically target PCs more aggressively. This is primarily due to the global dominance of PCs in the marketplace.

Yoni Heisler Contributing Writer
