Cryptojacking malware found on Apple macOS, distributed through pirated Final Cut Pro

Jamf Threat Labs reported that new cryptojacking malware has been found on the macOS platform, distributed through pirated copies of Final Cut Pro.

During routine monitoring, the team received an alert about XMRig. XMRig is a command-line tool used to mine cryptocurrencies. It is not malicious in itself, but because it is customizable and open source, attackers like to use it in attacks.

The team found a malicious version of XMRig in pirated copies of the video editing software Final Cut Pro. Once the user runs Final Cut Pro, XMRig runs in the background disguised as an "mdworker_local" process, hijacking the device's resources for mining.
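A defender can check for this kind of disguise by comparing the process name against the path it runs from. The following is an added example, not code from Jamf's report: it parses `ps -axo pid=,comm=` style output and flags any "mdworker_local" outside the system directory. The trusted prefix and the sample process list are assumptions constructed for illustration.

```python
import posixpath

# Assumption: the genuine Spotlight helper runs from this system-protected prefix.
TRUSTED_PREFIXES = ("/System/Library/",)
TARGET_NAME = "mdworker_local"  # process name reported on the page

# Constructed sample of `ps -axo pid=,comm=` output (all paths are illustrative).
SAMPLE_PS = """\
  312 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mdworker_local
  498 /Applications/Safari.app/Contents/MacOS/Safari
 2207 /Applications/Final Cut Pro.app/Contents/Resources/mdworker_local
 2311 /private/tmp/helper/mdworker_local
 2340 /usr/sbin/cfprefsd
"""


def parse_ps(text):
    """Yield (pid, path) pairs; the path may contain spaces."""
    for line in text.splitlines():
        parts = line.strip().split(None, 1)  # split off the PID only
        if len(parts) == 2 and parts[0].isdigit():
            yield int(parts[0]), parts[1]


def find_masquerading(text, name=TARGET_NAME, trusted=TRUSTED_PREFIXES):
    """Return processes named `name` that run from outside the trusted prefixes."""
    hits = []
    for pid, path in parse_ps(text):
        if posixpath.basename(path) != name:
            continue
        # Normalise so "/System/Library/../../tmp/x" cannot pass the prefix test.
        real = posixpath.normpath(path)
        if not real.startswith(trusted):
            hits.append((pid, path))
    return hits


if __name__ == "__main__":
    for pid, path in find_masquerading(SAMPLE_PS):
        print(f"suspicious {TARGET_NAME}: pid={pid} path={path}")
```

A name match alone is not proof of compromise; a hit is a lead to follow up by checking the binary's code signature and its CPU and network activity.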

XMRig uses the Invisible Internet Project (i2p) for communication, a private network layer that can anonymize traffic. The malware uses it to download malicious components and to send the mined currency to the attacker's wallet.

Researchers pointed out that because the malware only modifies the application while still retaining the original code signature, it cannot run on macOS Ventura: the system security policy check fails.