Skip to main content

This devious scam app proves that Macs aren’t bulletproof

Pirated software can cause all kinds of headaches, but Mac users might have thought themselves largely immune thanks to Apple’s reputation for solid security. Yet, that complacency could prove quite problematic, as a new strain of nearly undetectable malware has shown.

According to research from security firm Jamf Threat Labs, pirated versions of Apple’s Final Cut Pro moviemaking app have been modified to contain cryptojacking payloads. When installed, the app starts using your Mac to mine the Monero cryptocurrency behind your back, potentially slowing down your machine as system resources are illegitimately gobbled up.

A close-up of a MacBook illuminated under neon lights.
Image used with permission by copyright holder

Worse, Jamf Threat Labs says the malware remains almost entirely undetected by both antivirus software and Apple’s own security systems. That makes it a major pest to detect and remove.

The malicious software uses the Invisible Internet Project (i2p) network to download additional components in an anonymous way that is very difficult to detect. It also disguises itself as system processes linked to macOS’ Spotlight feature, further helping it to avoid raising eyebrows.

The malware is primarily distributed through torrents on The Pirate Bay shared by user “wtfisthat34698409672.” This user has uploaded similarly cracked apps, including Adobe Photoshop and Logic Pro X, that also contain cryptojacking malware.

Still dangerous today

A digital encrypted lock with data multilayers.
Getty Images

In macOS Ventura, Apple introduced a few security features that hamper the malware, but they do not stop it completely. For instance, there are more code-signing checks to ensure apps have not been modified. In the case of this malware, its authors kept much of the original Final Cut Pro code in place to make it seem like the real deal, but it was not enough to evade Ventura’s checks.

Ironically, however, Ventura only disables the legitimate part of the malware bundle — that is, the Final Cut Pro portion — while leaving the cryptojacking elements untouched. The good news is that the malware is not able to find a way past Apple’s Gatekeeper security protections without a user manually disabling them, which limits some of the damage it can cause.

It just goes to show the dangers involved in downloading and installing pirated software. Instead, it’s much better to pay for the genuine article and avoid infecting your computer. Alternatively, there are plenty of great free video-editing apps available, meaning you don’t need to pay to create movie masterpieces on your Mac.

Editors' Recommendations

Alex Blake
In ancient times, people like Alex would have been shunned for their nerdy ways and strange opinions on cheese. Today, he…
Apple fixed one of my biggest macOS gripes with Sonoma — but I still want more
Federighi talking about Continuity Camera.

Apple’s macOS Sonoma update has just been launched and, let’s be honest here, it’s a pretty modest upgrade (probably thanks to the work required on the Vision Pro’s software). Still, when Apple unveiled Sonoma a few months ago, there was one feature that got me excited: Continuity Camera.

This nifty tool lets you use your iPhone as a high-quality webcam. Sure, it actually debuted with macOS Ventura, but this year we’ve got much more control over how it works. Sliders! Toggles! Yes, it’s all here.

Read more
Update your Apple devices now to fix these dangerous exploits
A person using a laptop with a set of code seen on the display.

If you’re an Apple user -- whether you have a Mac, an iPhone, an iPad, or an Apple Watch -- you need to update your devices as soon as possible. That’s because Apple has discovered three actively exploited vulnerabilities that could cause your devices serious harm, and the patches are already out to fix them.

One of the bugs was found in Apple’s Security framework and would allow a malicious app to completely bypass a device’s signature validation. Another bug concerns the WebKit browser engine and could grant a threat actor the ability to run arbitrary code when a victim views a certain web page.

Read more
This dangerous new Mac malware steals your credit card info
A hacker typing on an Apple MacBook laptop while holding a phone. Both devices show code on their screens.

People like to think that Apple’s Macs are more or less invulnerable to the assorted viruses and trojans that afflict Windows PCs, but that’s far from the truth. That’s just been aptly demonstrated by the emergence of a new malware strain that attempts to steal all of your passwords, credit card data, and more.

The discovery was made by security firm SentinelOne, which named the malware MetaStealer. According to SentinelOne, MetaStealer has the potential to trick you into giving away vital information that could cause a huge amount of damage, and it has a nefarious way of getting what it wants.

Read more