Hacker Circulates Mac Malware Via Pirated Software Torrents


Protect Your Access to the Internet

Security researchers have uncovered a largely undetected Mac-based malware that’s been circulating through pirated software downloads. 

The findings(Opens in a new window) come from security provider Jamf, which discovered the malware on a bootleg version of Apple’s Final Cut Pro video-editing software, which normally costs $299.99. 

Jamf first spotted the malware secretly mining cryptocurrency on a customer’s Mac computer. “This particular sample was not detected as malicious by any security vendors on VirusTotal. Since January 2023, a handful of vendors have detected the malware,” it said. 

Since the malware arrived through an unauthorized and modified version of Final Cut Pro, Jamf turned to The Pirate Bay, a website notorious for offering bootleg software through torrents. 

“We downloaded the most recent torrent (for Final Cut Pro) with the highest number of seeders and checked the hash of the application executable. It matched the hash of the infected Final Cut Pro we had discovered in the wild. We now had our answer,” the security researchers said. 

The malicious torrents on The Pirate Bay

(Credit: The Pirate Bay)

According to Jamf, an uploader on The Pirate Bay named “wtfisthat34698409672”—who has a years-long history of posting bootleg Mac software—is responsible for not only circulating the malware, but also pushing other variants of the malicious code. This includes posting malware-laden versions of Logic Pro and Photoshop. 

“Furthermore, we found that virtually every one of the dozens of uploads that began in 2019 was compromised with a malicious payload to surreptitiously mine cryptocurrency,” Jamf said.

The malware itself shares similarities with another sample that antivirus provider Trend Micro discovered(Opens in a new window) a year ago. At the time, Trend Micro wasn’t able to uncover the exact source, but it did speculate the infection came from an Adobe Photoshop CC installation. 

Jamf says the malware has been evolving since 2019, when the hacker initially began uploading the pirated but malicious Mac software. Interestingly, the malware contains a feature that’ll check whether the user has accessed the Mac’s Activity Monitor app, which can show CPU usage.