Trojanized versions of legitimate applications are being used to spread evasive cryptocurrency mining malware on macOS systems.

Jamf Threat Labs, which made this discovery, said the cryptocurrency miner XMRig was run through an unauthorized modification of Final Cut Pro, Apple's video editing software.

Malware and viruses exist on macOS too, but what do the experts tell us?

“The malware uses the Invisible Internet Project (i2p) […] to download malicious components and send the mined currency to the wallet [digital cryptocurrency wallet] of the attacker,” said Jamf researchers Matt Benyo, Ferdous Saljooki and Jaron Bradley in a report.

An earlier variant of this campaign was documented exactly one year ago by Trend Micro, which highlighted the malware's use of i2p to hide network traffic and speculated that it may have been delivered as a DMG file (the disk image files with which programs are installed on macOS, in case you don't know) for Adobe Photoshop CC 2019 (a pirated version, to be precise, but you'll see that shortly).

The Apple and macOS device management company said the source of the cryptojacking applications can be traced to Pirate Bay, with the first uploads dating back as far as 2019.

The result was the discovery of three generations of malware, first observed in August 2019, April 2021 and October 2021 respectively, which trace the growing sophistication and stealth of the campaign.

One example of the evasion techniques is a shell script that monitors the list of running processes, checks whether Activity Monitor is among them and, if so, kills the mining processes.
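From the defender's side, that behaviour is itself a signal: a process that disappears in the same instant Activity Monitor opens is behaving like the evasion loop described above. The script below is an added example written for this article, not code from the Jamf report; it parses constructed `ps -axo pid,ppid,comm` snapshots (pids, paths and the `xmrig` process name are illustrative assumptions) and flags a miner that exits exactly when Activity Monitor appears.

```python
import re
from collections import namedtuple

MINER_RE = re.compile(r"xmrig", re.IGNORECASE)   # the miner named in the report
ACTIVITY_MONITOR = "Activity Monitor"
Proc = namedtuple("Proc", "pid ppid comm")

# Constructed snapshots shaped like `ps -axo pid,ppid,comm` output, taken a
# few seconds apart; pids and paths are illustrative, not from the report.
SNAPSHOT_BEFORE = """\
  PID  PPID COMM
    1     0 /sbin/launchd
  412     1 /Applications/Final Cut Pro.app/Contents/MacOS/Final Cut Pro
  433   412 /bin/sh
  440   433 xmrig
"""
SNAPSHOT_AFTER = """\
  PID  PPID COMM
    1     0 /sbin/launchd
  412     1 /Applications/Final Cut Pro.app/Contents/MacOS/Final Cut Pro
  433   412 /bin/sh
  501     1 /System/Applications/Utilities/Activity Monitor.app/Contents/MacOS/Activity Monitor
"""

def parse_ps(text):
    """Parse `ps -axo pid,ppid,comm` output; comm may contain spaces."""
    rows = [line.split(None, 2) for line in text.strip().splitlines()[1:]]
    return [Proc(int(pid), int(ppid), comm) for pid, ppid, comm in rows]

def find_miners(procs):
    """Processes whose command name matches the miner binary."""
    return [p for p in procs if MINER_RE.search(p.comm)]

def activity_monitor_running(procs):
    return any(ACTIVITY_MONITOR in p.comm for p in procs)

def find_evasion(snapshots):
    """Flag miners that exit in the interval in which Activity Monitor appears;
    a benign process has no reason to stop in lockstep with the user opening it."""
    findings = []
    for before, after in zip(snapshots, snapshots[1:]):
        if activity_monitor_running(before) or not activity_monitor_running(after):
            continue
        survivors = {p.pid for p in after}
        for miner in find_miners(before):
            if miner.pid not in survivors:
                parent = next((p.comm for p in before if p.pid == miner.ppid), "?")
                findings.append(f"pid {miner.pid} ({miner.comm}, parent {parent}) "
                                f"exited when Activity Monitor launched")
    return findings
```

On a real host the snapshots would come from repeated `ps` calls; the parent field is kept because a miner spawned by a shell under a media application is the lineage the article describes.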

It should be noted that these malicious macOS applications were not downloaded legally, but distributed through other, often illegitimate (not to say illegal) channels, torrents being one example.

The malicious mining process relies on the user launching the pirated application, at which point the code embedded in the executable connects to a hacker-controlled server on i2p to download the XMRig component.

The malware's ability to go undetected even by “proven” antivirus and antimalware products, combined with the fact that users running cracked software are already doing something illegal, has made this distribution vector highly effective for several years (from 2019 to the present day, to be clear).

However, Apple has taken steps to combat this abuse by subjecting notarized applications to more stringent Gatekeeper checks in macOS Ventura, thus preventing tampered applications from launching.

“On the other hand, macOS Ventura did not prevent mining from happening,” highlighted the Jamf researchers. “By the time the user receives the error message, the malware has already been installed.”

“[It] prevented the modified version of Final Cut Pro from launching, which could raise suspicion for the user and greatly reduce the likelihood of further launches by the user.”

Some considerations on this case

This story proves (again) that more often than not the problem is not the operating system (see the Linux fanatics who use “offensive” terms for Windows such as “Winzozz”), but bad use of the operating system, in this case macOS.

While it’s understandable to want to download cracked programs (needless to say, it’s illegal…) to save some cash, it’s also very hard to believe that someone spends €300 a year on a license just to crack a program and distribute it for free without personal gain.

This case of cryptojacking via DMG files of pirated programs downloadable from torrents, on macOS mind you, not even on Windows, speaks volumes about the “free” nature of many programs that would otherwise cost a lot with a legal license.

If you yourself were one of these bad guys capable of cracking a video game or an expensive program, I invite you to reflect: would you spend €500 to license a program, crack it and distribute it for free, all without any compensation and with zero earnings? I have a lot of doubts about it…

This topic, however, deserves a separate article.

It’s not piracy itself that dies hard, but the strange (and unhealthy) idea that when using a computing device (tablet, PC, smartphone, etc.) everything must be owed to you (and therefore free), because the average end user does not have the faintest idea of how much effort it takes to navigate between lines of code and fix problems.

And if you are a technician who fixes PCs and phones, where many users are looking for cheap or free solutions, you will understand very well what I am alluding to.