Malware in pirated apps uses Mac to mine cryptocurrency

Although pirated applications and content are widely used, there are still risks in running apps obtained this way. Besides putting your data at risk, you can leave your Mac open to running all sorts of programs, including cryptocurrency miners.

As discovered by the cybersecurity firm Jamf Threat Labs, pirated versions of apps such as Final Cut Pro and Photoshop were found to contain malware that uses a tool called XMRig to run miners for cryptocurrencies such as Bitcoin. The more powerful Apple Silicon processors only make this activity more attractive to crackers.

Jamf said it found the malicious component in files of pirated apps downloaded through recent torrents. The operation is quite sophisticated, using infrastructure such as the Invisible Internet Project (I2P) to evade system checks and avoid detection by macOS or by the user.

Whereas earlier malware used privileged execution or launchers to run its malicious programs, the newly discovered threat is launched via a Trojan at the moment the user clicks to open the pirated program.

The payload then runs as hidden files in the /private/tmp/ directory, and the line of code that starts mining is triggered remotely over I2P. The malware even hides from Activity Monitor, including renaming its process to one used by Busca as a disguise.

macOS Ventura 13 brings an important change that can help users realize that something is wrong. Gatekeeper now not only checks apps on first launch but also checks whether their files have been modified, which can result in an error message when opening pirated apps.

However, by that point the malicious program has already been installed, and the warning does not stop it from running. The system protection also did not work for pirated apps like Photoshop. Jamf also recalled the importance of quarantining downloaded files so that threats can be identified.
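The article reports three observable traces of this campaign: hidden files under /private/tmp/, a miner process running under a borrowed name, and the Gatekeeper and quarantine checks that Ventura applies to downloaded apps. The script below is an added example, not code from the article, from Jamf Threat Labs or from Apple; it turns those three points into checks a user can run after installing software from an untrusted source. The allow-list of system directories is an illustrative assumption, the sample paths in the comments are constructed, and the macOS-only tools (`codesign`, `spctl`, `xattr`) are called only when they exist on the machine.

```shell
#!/bin/sh
# Added example; not code from the article, from Jamf Threat Labs or from Apple.
# Three small checks built on the details the article reports:
#   1. hidden (dot-prefixed) files dropped under /private/tmp
#   2. a process running from a scratch directory instead of a system path
#   3. Gatekeeper's signature/assessment checks and the quarantine attribute
# Assumptions: the allow-list of directories in check 2 is illustrative, and
# the macOS-only tools are invoked only when present.

# 1. Print hidden entries directly under DIR (default /private/tmp).
#    Returns 1 if any were found, 0 if the directory is clean.
find_hidden_files() {
    dir="${1:-/private/tmp}"
    hits=$(find "$dir" -mindepth 1 -maxdepth 1 -name '.*' 2>/dev/null)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# 2. Read executable paths on stdin (one per line, e.g. from `ps -axo comm=`)
#    and print those that do not live under a system or application directory.
#    A process that borrows a system component's name but runs from
#    /private/tmp (constructed example: /private/tmp/.cache/Finder) lands here.
#    Returns 1 if anything was flagged, 0 otherwise.
flag_unexpected_paths() {
    awk '
        /^\// && $0 !~ /^\/(System|usr|bin|sbin|Library|Applications)\// { print; n++ }
        END { exit (n > 0) ? 1 : 0 }
    '
}

# 3. Ask about an app bundle what Gatekeeper asks on Ventura: is the signature
#    intact, does the assessment pass, and is the download still quarantined?
#    Returns 0 if all pass, 1 on a failure, 2 if the tools are not available
#    (i.e. this is not macOS). A missing quarantine attribute is only reported,
#    because macOS clears it once an app has been approved on first launch.
check_app_bundle() {
    app="$1"
    command -v codesign >/dev/null 2>&1 || return 2
    codesign --verify --deep --strict "$app" || return 1
    spctl --assess --type execute "$app" || return 1
    xattr -p com.apple.quarantine "$app" >/dev/null 2>&1 \
        || printf 'note: %s has no quarantine attribute\n' "$app"
    return 0
}
```

Source the file and call the functions directly: `find_hidden_files` with no argument inspects /private/tmp, `ps -axo comm= | flag_unexpected_paths` lists running executables outside the allow-listed directories, and `check_app_bundle /Applications/Example.app` (constructed path) runs the signature and assessment checks. A non-zero return from any of the three is a prompt to look closer, not a verdict on its own.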

Speaking to 9to5Mac, Apple said it has added this malware to XProtect so that it is blocked, and noted that it cannot bypass Gatekeeper's protection. The company also took the opportunity to recall the security of applications downloaded through the Mac App Store.

This case shows how malicious programs are becoming more sophisticated, both in their purpose and in the ways they hide within the system. Even on macOS Ventura, this malware might run without the user noticing, so that the machine is used by third parties to mine cryptocurrency in the owner's absence.

Stay alert!
