XMRig, a piece of malware, is currently circulating in pirated versions of several popular applications. Its goal: to mine cryptocurrency without users' knowledge. And once installed, it knows how to hide!
Macs, and more particularly macOS, were long thought to be rather immune to the malware and other viruses that are rampant in the Windows world. That was without counting on the growing popularity of Macs equipped with Apple Silicon chips, the famous M1 and M2, which are particularly efficient and allow Macs to hold their own against PCs powered by Intel or AMD processors. The price of fame: Macs are now also targeted by malware. This is what researchers at Jamf Threat Labs, a company specializing in cybersecurity, have found. They noted the presence of software called XMRig well buried in a pirated version of Apple's video editing software Final Cut Pro, offered on the illegal download site The Pirate Bay.
XMRig is a fully legal open source tool designed to mine the Monero cryptocurrency. However, the version embedded in the pirated copy of Final Cut Pro has been modified and hidden well enough to slip through the cracks of the macOS security system: it passes itself off as a normal process and goes unnoticed by Spotlight, the Apple system's search engine. Even worse: if the user of a Mac infected with XMRig notices abnormal behavior and checks the active processes in the macOS Activity Monitor, the malware automatically stops running in order to remain invisible!
As a result, the miner launches at the same time as the video editing tool and begins mining cryptocurrency without the user's knowledge… or almost. These mining tools consume a lot of resources and power, hence the preference for Apple Silicon chips from Apple. According to Jamf Threat Labs researchers, XMRig consumes 70% of CPU power, with a significant impact on overall machine performance.
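The two behaviors described above, sustained high CPU use and an abrupt drop to idle as soon as Activity Monitor is running, are themselves a detectable pattern. The following is an added example, not code from the article or from Jamf: it runs a simple correlation over constructed process snapshots (in practice these would come from periodic polling, for instance of `ps -Ao comm,pcpu`, which is an assumption about how one would collect them). The process name "SystemHelper" is a constructed stand-in for a miner masquerading under an innocuous name.

```python
"""Flag processes that are busy only while Activity Monitor is NOT running.

Each snapshot is a dict of process name -> %CPU taken at one instant.
The snapshots below are constructed for this example; a real collector
would poll the process table every few seconds and build the same shape.
"""

MONITOR = "Activity Monitor"
HIGH_CPU = 50.0   # percent; the article cites roughly 70% for the miner
IDLE_CPU = 5.0    # percent; "stopped" processes sit at or near zero

# Constructed snapshots. "SystemHelper" stands in for the disguised miner.
SNAPSHOTS = [
    {"Final Cut Pro": 12.0, "WindowServer": 3.1, "SystemHelper": 71.4},
    {"Final Cut Pro": 11.5, "WindowServer": 2.9, "SystemHelper": 69.8},
    {"Final Cut Pro": 10.2, "WindowServer": 4.0, "SystemHelper": 0.3, MONITOR: 2.5},
    {"Final Cut Pro": 10.8, "WindowServer": 3.7, "SystemHelper": 0.1, MONITOR: 2.2},
    {"Final Cut Pro": 11.9, "WindowServer": 3.0, "SystemHelper": 70.6},
]


def find_monitor_shy_processes(snapshots, high=HIGH_CPU, idle=IDLE_CPU):
    """Return {name: (avg_cpu_unobserved, avg_cpu_observed)} for processes that
    are above `high` in every snapshot without Activity Monitor and at or below
    `idle` (or absent) in every snapshot with it. Both states must be present."""
    observed = [s for s in snapshots if MONITOR in s]
    unobserved = [s for s in snapshots if MONITOR not in s]
    if not observed or not unobserved:
        return {}  # no contrast to measure
    names = set().union(*snapshots) - {MONITOR}
    suspects = {}
    for name in sorted(names):
        # A process missing from a snapshot is treated as 0% CPU.
        busy = [s.get(name, 0.0) for s in unobserved]
        quiet = [s.get(name, 0.0) for s in observed]
        if all(c >= high for c in busy) and all(c <= idle for c in quiet):
            suspects[name] = (sum(busy) / len(busy), sum(quiet) / len(quiet))
    return suspects


if __name__ == "__main__":
    for name, (busy_avg, quiet_avg) in find_monitor_shy_processes(SNAPSHOTS).items():
        print(f"{name}: {busy_avg:.1f}% CPU unobserved, {quiet_avg:.1f}% while {MONITOR} runs")
```

A legitimate heavy process (Final Cut Pro itself) keeps a similar load in both states and is not flagged; only a process whose load vanishes exactly when the monitor appears stands out.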
How to protect yourself from XMRig?
The pirated version of Final Cut Pro embedding XMRig mainly targets Macs powered by ARM-based Apple Silicon chips. However, according to Jamf Threat Labs, machines with the latest macOS Ventura update, deployed last fall, are no longer affected by the problem. According to the specialists, the changes made by Apple prevent the infected editing software from opening: "(…) the malware left an original signature intact, but modified the application, thereby invalidating the signature and violating system security policy," they specify in a press release. If you have not yet installed this update, it is better not to delay, even if you have not downloaded an illegal version of Final Cut Pro, since the malware is also said to be circulating in other pirated applications such as Adobe Photoshop or Logic Pro.
Apple, for its part, also remains on the lookout. "We continue to update XProtect to block this malware, including specific variants cited in Jamf research. Also, this malware family does not bypass Gatekeeper protections (the tool that verifies the integrity of downloaded apps, editor's note)," the company told our American colleagues at 9to5mac. Nevertheless, it is better to remain vigilant, since this type of practice is set to expand, warns Jamf. And Apple insists that app downloads from the Mac App Store, where they are verified, should be preferred.