
Apple: “XMRig” crypto mining malware running on older versions of macOS

by v

Malware containing a hijacked version of the open source software XMRig is currently running rampant on macOS systems, mining cryptocurrencies without the computer owner’s knowledge. According to Jamf Threat Labs, the malware is deployed via pirated versions of Apple software such as Final Cut Pro.

Malware threatens macOS

The security firm Jamf Threat Labs has recently discovered malware on macOS that runs completely hidden and is therefore very difficult for security tools to detect.

This is a hijacked version of XMRig, an open source software usually used harmlessly to mine – mostly – XMR, the cryptocurrency of the Monero blockchain. The malicious version acts in the same way as the original software, i.e. it uses the computer’s resources (CPU and GPU) to mine cryptocurrencies.

But in this case, the malware (containing XMRig) is installed without the knowledge of the owner of the infected computer, and the mined cryptocurrencies are then sent to the person who deployed the malware. According to Jamf Threat Labs, the XMRig malware has only recently been detected, and very few security solutions are able to isolate it.

Why does this malware only affect macOS? Because it comes mainly from an illegal version of Final Cut Pro, video editing software published by Apple. More precisely, the torrents concerned reportedly come from The Pirate Bay, which also offers, among others, certain versions of Adobe Photoshop and Logic Pro that are potentially infected.

According to the security firm, the malware was designed to be invisible to Spotlight, the file search engine built into macOS, by making the mining process look like a legitimate process.

How to deal with XMRig malware

Owners of Apple computers whose operating system is up to date are most likely safe. As Jamf Threat Labs reports, the macOS Ventura update introduced last October (for Apple hardware with an Apple Silicon chip) prevents the infected program from launching, thanks to the numerous security patches included in this version.

However, although the infected version of the software is unable to launch, the malware does manage to do so. Therefore, if a user of an illegal version of Final Cut Pro sees an error message when launching the software, it is likely that XMRig is being launched covertly.

The malware has been designed to launch at the same time as the infected software, so it only runs once the user starts that software. The crypto mining process then launches invisibly, and the mined cryptocurrency is transferred to the malicious individual via the anonymous I2P network.

Note that if you are potentially affected by this malware, one of the easiest ways to find out is to check whether your computer slows down severely after launching Final Cut Pro. Indeed, the XMRig malware is said to consume 70% of the processor’s power, which has the immediate effect of slowing down the system significantly.
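The slowdown check described above can be made less subjective by sampling the process table several times and keeping only processes that stay at or above the 70% figure in every sample, which separates a constant load from a short burst. The script below is an added example, not code from Jamf Threat Labs or from the article; the process names and PIDs in the sample data are constructed, and it assumes the 70% figure can be compared against the per-process `%cpu` column of `ps`.

```shell
#!/bin/sh
# Added example. Threshold taken from the article; whether it maps to the
# per-process %cpu column of ps is an assumption.
THRESHOLD=70

# take_snapshots COUNT INTERVAL: live sampling for use on a real Mac.
# Emits "#snapshot" before each "pid pcpu comm" listing (POSIX ps options).
take_snapshots() {
  i=0
  while [ "$i" -lt "$1" ]; do
    echo "#snapshot"
    ps -A -o pid= -o pcpu= -o comm=
    i=$((i + 1))
    if [ "$i" -lt "$1" ]; then sleep "$2"; fi
  done
}

# sustained_cpu THRESHOLD: reads snapshots on stdin and prints "pid command"
# for every process at or above THRESHOLD in all snapshots.
sustained_cpu() {
  awk -v thr="$1" '
    /^#snapshot/ { n++; next }
    $1 ~ /^[0-9]+$/ {
      # macOS prints the full path, which may contain spaces: rebuild it.
      cmd = $3; for (i = 4; i <= NF; i++) cmd = cmd " " $i
      if ($2 + 0 >= thr) hits[$1 "\t" cmd]++
    }
    END {
      for (k in hits) if (hits[k] == n) { split(k, p, "\t"); print p[1], p[2] }
    }' | sort -n
}

# sample_snapshots: constructed data (hypothetical names and PIDs).
sample_snapshots() {
  cat <<'EOF'
#snapshot
 4321 71.2 /Applications/Example Editor.app/Contents/MacOS/helper
  612  3.1 /usr/sbin/example_indexer
#snapshot
 4321 70.5 /Applications/Example Editor.app/Contents/MacOS/helper
  612 95.0 /usr/sbin/example_indexer
#snapshot
 4321 73.0 /Applications/Example Editor.app/Contents/MacOS/helper
  612  2.4 /usr/sbin/example_indexer
EOF
}

sample_snapshots | sustained_cpu "$THRESHOLD"
```

On a live system, `take_snapshots 3 10 | sustained_cpu 70` runs the same check on real data; a legitimate render or export will also show up, so a hit is a reason to inspect the process, not proof of infection.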
