Mac cryptomining malware found in pirate copies of Final Cut Pro

Update: Apple has now commented on the findings – see the end of the piece.

Cybersecurity company Jamf Threat Labs has found Mac cryptomining malware in pirate copies of Final Cut Pro. The firm says that the cryptojacking malware was particularly well hidden, and not detected by most Mac security apps.

Jamf also warned that the power of Apple Silicon Macs is going to make them increasingly popular targets for cryptojacking – where malware uses your machine’s considerable processing power to mine cryptocurrencies for the benefit of attackers …


As cryptocurrencies like Bitcoin have grown harder and harder to mine, demanding extensive GPU resources, there have been increasing incentives for bad actors to use cryptojacking techniques. This is where they get malware onto a significant number of other people’s devices in order to mine currency for them as a background process.

It’s no surprise that pirate software frequently contains malware, and cryptojacking is one of the more common examples. It’s a significant concern, because the malware will use a lot of your device’s resources, leaving less power to run your own apps.

Usually, Mac security software will detect this type of malware.

Well-hidden Mac cryptomining malware

However, Jamf Threat Labs found an example of Mac cryptomining malware that managed to evade detection – initially by all Mac security apps.

Over the past few months Jamf Threat Labs has been following a family of malware that resurfaced and has been operating undetected, despite an earlier iteration being a known quantity to the security community.

During routine monitoring of our threat detections seen in the wild, we encountered an alert indicating XMRig usage, a command line crypto-mining tool. While XMRig is commonly used for legitimate purposes, its adaptable, open-source design has also made it a popular choice for malicious actors.

This particular instance was of interest to us as it was executing under the guise of the Apple-developed video editing software, Final Cut Pro. Further investigation revealed that this was a modified, malicious version of Final Cut Pro that was…