Skip to main content
  1. Home
  2. Computing
  3. News

This devious scam app proves that Macs aren’t bulletproof

By

Pirated software can cause all kinds of headaches, but Mac users might have thought themselves largely immune thanks to Apple’s reputation for solid security. Yet, that complacency could prove quite problematic, as a new strain of nearly undetectable malware has shown.

According to research from security firm Jamf Threat Labs, pirated versions of Apple’s Final Cut Pro moviemaking app have been modified to contain cryptojacking payloads. When installed, the app starts using your Mac to mine the Monero cryptocurrency behind your back, potentially slowing down your machine as system resources are illegitimately gobbled up.

A close-up of a MacBook illuminated under neon lights.
Image used with permission by copyright holder

Worse, Jamf Threat Labs says the malware remains almost entirely undetected by both antivirus software and Apple’s own security systems. That makes it a major pest to detect and remove.

Recommended Videos

The malicious software uses the Invisible Internet Project (i2p) network to download additional components in an anonymous way that is very difficult to detect. It also disguises itself as system processes linked to macOS’ Spotlight feature, further helping it to avoid raising eyebrows.

Related

The malware is primarily distributed through torrents on The Pirate Bay shared by user “wtfisthat34698409672.” This user has uploaded similarly cracked apps, including Adobe Photoshop and Logic Pro X, that also contain cryptojacking malware.

Still dangerous today

A digital encrypted lock with data multilayers.
Getty Images

In macOS Ventura, Apple introduced a few security features that hamper the malware, but they do not stop it completely. For instance, there are more code-signing checks to ensure apps have not been modified. In the case of this malware, its authors kept much of the original Final Cut Pro code in place to make it seem like the real deal, but it was not enough to evade Ventura’s checks.

Ironically, however, Ventura only disables the legitimate part of the malware bundle — that is, the Final Cut Pro portion — while leaving the cryptojacking elements untouched. The good news is that the malware is not able to find a way past Apple’s Gatekeeper security protections without a user manually disabling them, which limits some of the damage it can cause.

It just goes to show the dangers involved in downloading and installing pirated software. Instead, it’s much better to pay for the genuine article and avoid infecting your computer. Alternatively, there are plenty of great free video-editing apps available, meaning you don’t need to pay to create movie masterpieces on your Mac.

Editors’ Recommendations

Topics
Alex Blake
Alex Blake
Computing Writer
Alex Blake has been working with Digital Trends since 2019, where he spends most of his time writing about Mac computers…
I finally tried Apple Intelligence in macOS Sequoia to see if it lived up to the hype
The redeisgned Siri user interface in macOS Sequoia.

For the last few years, Apple’s macOS releases have been interesting, if not particularly exciting. But that’s all set to change this year with the launch of macOS Sequoia, and it’s all thanks to one feature: Apple Intelligence.

Apple’s artificial intelligence (AI) platform has the potential to completely change how you use your Mac on a daily basis. From generating images, rewriting emails, and summarizing your audio recordings to revamping Siri into a much more capable virtual assistant, Apple Intelligence could be the most significant new macOS feature in years.

Read more
This new threat proves that Macs aren’t immune from malware
A concept image of a hacker at work in a dark room.

Despite constant warnings, many Mac users have come to believe their computers are safe from malware attacks. A new threat targeting Mac users called Banshee Stealer, however, refutes that notion. As reported on by security firm Elastic Labs, Banshee Stealer targets popular browsers and crypto wallets and even attempts to steal data from iCloud Keychain passwords and Notes.

"Banshee Stealer targets a wide range of browsers, cryptocurrency wallets, and around 100 browser extensions, making it a highly versatile and dangerous threat," Elastic Security Labs said in a report on Thursday.

Read more
You can finally try out Apple Intelligence on your Mac. Here’s how
macOS Sequoia being introduced by Apple's Craig Federighi at the Worldwide Developers Conference (WWDC) 2024.

The second developer beta of macOS Sequoia is open for business and it includes Apple Intelligence features. It looks like anyone can try it out as long as you're not in China. That includes people in the EU -- even though the AI features might not launch there right away. The features available for testing include Writing Tools, Siri, Safari and Mail summaries, Smart Replies, Memory Movies, transcription features, Reduce Interruptions Focus Mode, and a few more. If you want to have a look yourself, here's everything you need to do to download the beta and activate Apple Intelligence.

Before you start, make sure you've backed up your Mac with Time Machine so you can restore the previous version if anything goes wrong. You can also use a secondary device if you have another Apple silicon Mac lying around because beta versions can go wrong and you have to download them at your own risk.

Read more