Cryptojacking virus now on Apple macOS: pirated software becomes the main way it spreads

Recently, Jamf Threat Labs, a security threat research lab, released a report stating that a new cryptojacking virus has been discovered on Apple's macOS platform, spreading through pirated software.

According to the Jamf Threat Labs report, the team received alerts about XMRig during routine monitoring. XMRig is often weaponized by attackers because it is open source and customizable.

The team eventually traced the XMRig instance that triggered the alert to a pirated copy of the Final Cut Pro video editing software, and verified that once a user runs the pirated Final Cut Pro, it launches a process disguised as "mdworker_local" that runs XMRig in the background and hijacks the device's resources for mining.
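A defender can hunt for the disguise described above by checking where a process with that name actually runs from. The following is an added example, not code from Jamf's report; the sample process lines are constructed, and the rule that genuine Spotlight workers run from under /System/Library/ is an assumption.

```python
import os

# Assumption (not from the report): genuine Spotlight workers are launched
# from Apple's system frameworks, which live under this prefix.
SYSTEM_PREFIX = "/System/Library/"
# Process name the report says the miner hides behind.
DISGUISE_NAMES = {"mdworker_local"}

# Constructed sample in the shape of `ps -axo pid=,pcpu=,comm=` output
# (not real telemetry; every path here is made up for illustration).
SAMPLE_PS = """\
  312   0.3 /System/Library/Frameworks/CoreServices.framework/Frameworks/Metadata.framework/Versions/A/Support/mdworker_shared
  845  97.5 /private/tmp/mdworker_local
  901   1.2 /Applications/Final Cut Pro.app/Contents/MacOS/Final Cut Pro
  n/a   bad line
 1204   4.0 /Users/sample/Library/Caches/helper dir/mdworker_local
"""

def parse_ps(text):
    """Yield (pid, cpu, path). Paths may contain spaces, so split only twice."""
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        try:
            yield int(parts[0]), float(parts[1]), parts[2].strip()
        except ValueError:
            continue  # header or malformed row

def find_masquerades(text, cpu_threshold=50.0):
    """Flag processes using a disguise name from outside the system prefix."""
    findings = []
    for pid, cpu, path in parse_ps(text):
        name = os.path.basename(path)
        if name in DISGUISE_NAMES and not path.startswith(SYSTEM_PREFIX):
            # High CPU is recorded as supporting evidence, not as the trigger:
            # a miner can throttle itself, but it cannot hide its own path.
            findings.append({"pid": pid, "path": path,
                             "high_cpu": cpu >= cpu_threshold})
    return findings

if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE_PS):
        print(hit)
```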

XMRig communicates using the Invisible Internet Project (I2P), a private network layer that anonymizes traffic. The malware uses it to download malicious components and send the mined currency to the attacker's wallet.

However, the researchers also noted that because the malware retains the original code signature while modifying the application, it violates system security policies on macOS Ventura and will not work there.

