Hackers are using multimedia software popular among professionals to deploy hidden cryptocurrency-mining malware on macOS systems.
The malicious campaign was discovered by Jamf Threat Labs. According to experts, the XMRig crypto miner was launched using an unauthorized modification of Final Cut Pro, Apple's video editing software.
“This malware uses the Invisible Internet Project (I2P) to download malicious components and send the mined currency to the attacker’s crypto wallet,” Jamf Threat Labs researchers said in their published report.
An earlier iteration of this malicious campaign was documented exactly one year ago by Trend Micro, which pointed to the malware's use of I2P to hide network traffic. At that time, Trend Micro experts suggested that the malware could have been delivered as a DMG file for Adobe Photoshop CC 2019.
Malicious versions of Final Cut Pro and Logic Pro X have reportedly been hosted on the popular pirate content service The Pirate Bay. Other professional programs, posted back in 2019, were also found there. Over that time, the malware has been refined and made harder for antivirus systems to detect.
The malware's ability to remain undetected on a victim's computer, combined with the fact that users generally already expect antivirus solutions to flag the bundled "crack", makes this delivery vector very effective.
Apple, however, has taken some steps to combat the spread of such software. Notarized apps are now subject to more stringent checks in macOS Ventura, making it harder for fake apps to run.
“On the other hand, macOS Ventura did not prevent the launch of the cryptominer itself,” noted Jamf Threat Labs researchers. “By the time the user receives the error message, the malware will already be installed on the system.”
In general, Apple definitely still has work to do in terms of security, and users should be more careful about the source of software downloads, especially if they don't want to pay for it.