It goes without saying once again that installing "pirate" software on your Mac is not a wise choice. First, because it is illegal. You are using paid software without costing you a penny, and that is a scam for the developer who has invested a lot of resources in a tool that you are going to use without returning the money they are asking for, either in a single payment , or a subscription.
And second, because you risk unlocking the security of your Mac. Although it is very difficult to insert a virus or malware into the installation files of said pirated copy without being detected by macOS, it is not impossible. This week one of those examples has been discovered. Precisely, a malware hidden in an illegal copy of Final Cut Pro.
A few days ago, the company cybersecurity Jamf Threat Labs has discovered a new cryptomining malware in some illegal copies of Final Cut Pro for Mac. It appears that this malicious code was very well hidden, and was not detected by most macOS security applications.
A type of malware that is becoming fashionable, since the enormous computing power of the current Apple Silicon is the target of the cryptojackers, since said equipment is capable of creating cryptocurrencies in the background without affecting its normal performance, and thus goes unnoticed by the "attacked" user.
As a general rule, the security systems built into Apple in macOS usually detect this type of malware, but this week, the Jamf Threat Labs team discovered a model of malware that creates Bitcoins that bypassed macOS controls.
It was hidden in the installation file of a pirated copy of the well-known Final Cut Pro software. Once the application was installed, the code was put to work with commands XMRing for the creation of cryptocurrencies. If the attacked Mac was an Apple Silicon, the user of that computer was most likely not aware of it, since it did not affect the normal performance of the computer.
Mac doesn't detect it
The problem is that macOS does not detect it. Even if the Activity Monitor is checked, it does not appear, since the malware incorporates a routine that every three seconds checks the running processes. If it sees the Activity Monitor app open, it automatically stops all of its "mining" processes, so they don't appear in the Activity Monitor app.
Apple is already aware of this discovery, and is updating XProject to fix the problem. And how could it be otherwise, recommends Mac users not to install applications if they do not come from the Mac Apple Store.
