Think twice before downloading Apple's Final Cut Pro video editing app on sketchy torrent sites, as your Mac might get infected with cryptojacking malware.
Security researchers at Jamf Threat Labs discovered a cryptojacking campaign targeting macOS users with a version of Final Cut Pro injected with a cryptominer. The rogue variant, along with trojanized copies of other apps such as Adobe Photoshop and Logic Pro X, was being distributed by a user named wtfisthat34698409672 on The Pirate Bay, a popular torrenting website.
One of the most notable features of the cryptojacking malware is its ability to execute the XMRig utility, open-source software that mines the Monero cryptocurrency. It also receives regular updates to better evade security solutions. For instance, when security tools finally detected the malware's original version, the threat actor launched a new version in 2021 that hid its executables inside the app bundle.
A third version was introduced later on, which was capable of disguising its malicious processes as system processes on macOS's Spotlight to evade detection. The latest version even contains a script that constantly checks for the Activity Monitor. If the program is running, the malware will terminate all of its processes to avoid detection.
In its blog post, Jamf Threat Labs emphasized the abilities of macOS's latest version, Ventura, when it comes to fighting such a threat. It stated:
"The more stringent codesigning checks in Ventura verify that all notarized apps are correctly signed and have not been modified by unauthorized processes, even after the first launch. This is an improvement from previous versions of macOS, where Gatekeeper would only validate applications during their initial launch and would regard the file as trusted once it was successfully launched."
As such, if the rogue version of Final Cut Pro is launched on Ventura, the program will fail to open as it has been modified by the threat actor with malicious code. However, in Jamf's test, the cryptominer can still run, so a user's computer will get infected with malware anyway.
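The Ventura behaviour described above comes down to re-checking a bundle's code signature every time it launches rather than only once. The script below is an added illustration, not code from Jamf or Apple, of the resource-seal part of that check: a bundle's `_CodeSignature/CodeResources` plist lists every sealed resource with a base64 SHA-256 under `files2`/`hash2`, so a file that was edited, removed, or dropped into the bundle after signing no longer matches the seal. It builds a constructed, hypothetical `Demo.app` in a temp directory, seals it, tampers with it the way the article describes (a modified resource plus an extra unsealed file), and reports the differences. It deliberately simplifies the real format: the main executable and `Info.plist` are covered by the CodeDirectory rather than `CodeResources`, and the seal's own signature is not verified here. On a real Mac, the authoritative check is `codesign --verify --deep --strict --verbose=2 /Applications/Some.app`.

```python
from __future__ import annotations

import hashlib
import plistlib
import tempfile
from pathlib import Path


def sha256_digest(path: Path) -> bytes:
    """Raw SHA-256 of a file; CodeResources stores hash2 as a <data> blob, i.e. bytes."""
    return hashlib.sha256(path.read_bytes()).digest()


def build_bundle(root: Path, resources: dict[str, bytes]) -> Path:
    """Construct a minimal, hypothetical .app layout (NOT a real Apple bundle):
    Contents/<rel> for each resource plus a _CodeSignature/CodeResources plist that
    seals every resource with its SHA-256 in the files2/hash2 layout."""
    contents = root / "Demo.app" / "Contents"
    files2: dict[str, dict[str, bytes]] = {}
    for rel, data in resources.items():
        p = contents / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(data)
        files2[rel] = {"hash2": sha256_digest(p)}
    sig_dir = contents / "_CodeSignature"
    sig_dir.mkdir()
    (sig_dir / "CodeResources").write_bytes(plistlib.dumps({"files2": files2}))
    return root / "Demo.app"


def verify_resources(app: Path) -> list[str]:
    """Compare the bundle on disk against its seal. Returns sorted problem strings:
    'missing:' sealed file gone, 'modified:' SHA-256 mismatch, 'unsealed:' file present
    under Contents/ that the seal never listed (how a dropped-in binary shows up)."""
    contents = app / "Contents"
    seal = plistlib.loads((contents / "_CodeSignature" / "CodeResources").read_bytes())
    sealed: dict = seal.get("files2", {})
    problems: list[str] = []
    for rel, entry in sealed.items():
        p = contents / rel
        if not p.exists():
            problems.append(f"missing: {rel}")
        elif sha256_digest(p) != entry["hash2"]:
            problems.append(f"modified: {rel}")
    for p in contents.rglob("*"):
        if p.is_file() and "_CodeSignature" not in p.parts:
            rel = p.relative_to(contents).as_posix()
            if rel not in sealed:
                problems.append(f"unsealed: {rel}")
    return sorted(problems)


def demo() -> tuple[list[str], list[str]]:
    """Seal a constructed bundle, verify it clean, then tamper and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        app = build_bundle(Path(tmp), {
            "Resources/en.lproj/Localizable.strings": b'"ok" = "ok";\n',  # constructed sample
            "Resources/icon.icns": b"\x00\x01fake-icon",                   # constructed sample
        })
        clean = verify_resources(app)
        # Simulated tampering (constructed, not real malware): one resource rewritten,
        # one sealed resource deleted, one extra unsealed file added to the bundle.
        (app / "Contents/Resources/icon.icns").write_bytes(b"\x00\x01changed")
        (app / "Contents/Resources/en.lproj/Localizable.strings").unlink()
        (app / "Contents/Resources/helper").write_bytes(b"#!/bin/sh\necho hypothetical\n")
        tampered = verify_resources(app)
    return clean, tampered


if __name__ == "__main__":
    before, after = demo()
    print("clean bundle:", before or "no problems")
    print("tampered bundle:", *after, sep="\n  ")
```

The pre-Ventura weakness the Jamf quote describes is that this comparison was done once, at first launch; a bundle altered afterwards kept its trusted status. Running the same comparison at every launch is what makes the rogue Final Cut Pro fail to open on Ventura, and it is also a reasonable periodic check for fleet tooling to run against `/Applications`.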
To protect your Mac from malware, refrain from downloading apps from untrusted sources as they may contain malware. Do not open links or attachments from suspicious emails either.
Source: Jamf Threat Labs