Hackers make poisoned Final Cut Pro specifically to target Mac users
As we know, for BitTorrent seeds, as long as they are published on the internet, the more users participate, the more active the seed will be. For popular resources, this seed may never die, because there are always users searching, downloading, and uploading, and so it continues.
Hackers released pirated Final Cut Pro software that carries the XMRig mining program, which specifically uses Mac users to mine Monero coins.
This seed has been active since its release in 2019 and there are still many users downloading poisoned Final Cut Pro through the seed, and it is difficult to detect if their Mac is infected.
After analysis, researchers found that the hackers had set some cunning traps. For example, when users open the Activity Monitor, they will not notice any abnormal activity. This is because the hackers’ mining program comes with a script that checks the Activity Monitor every 3 seconds to see if it is open. If it is, all malicious programs will be immediately terminated, and then restarted when the Activity Monitor is closed for the next 3 seconds.
This makes it difficult for users to detect abnormalities. Even if they hear their Mac’s fan whirring, they cannot see any abnormal processes in the Activity Monitor.
For mining, hackers use the I2P garlic network to establish connections. In fact, hackers can still control this malicious software released in 2019 because the malware connects to the server controlled by the hacker through I2P when it starts, and the XMRig mining program also connects through I2P.
I2P is a more private network built on the Tor onion network, and XMR is completely anonymous, so hackers cannot be traced.
Researchers have noticed that some hackers use cracked versions of Adobe Photoshop CC 2019 with hidden viruses for mining, but it is unknown whether they are the same group of hackers.
So developers warn that using pirated software is dangerous, and users should think carefully when downloading pirated software.
