Hackers using pirated software to spread new cryptomining Mac malware

Pirated software users beware; New Mac cryptominer ‘Bird Miner’ spreads via torrents

If you download pirated content from torrent platforms, you could become a victim of this Mac malware.

A new variant of cryptomining malware is specifically targeting Apple’s Mac devices and users who download pirated software from torrent platforms. Dubbed Bird Miner by researchers, this cryptocurrency mining malware is a strain of malicious code with a very interesting twist: it emulates Linux or Mac to run.


The malware was first discovered as OSX.BirdMiner in a pirated installer for Ableton Live 10, software commonly used to create music. Researchers later detected it in other files, and Reddit users report that for the past four months, or maybe longer, they have observed a similar type of Mac malware distributed via the VST Crack website.

According to details shared by Malwarebytes on Thursday, the first thing Bird Miner does to hide from the user is check for Activity Monitor. If this system tool isn’t running and CPU usage is lower than 85%, the malware runs the open-source QEMU emulator, which can load and run a wide range of OS image files including .img, .iso, or .dmg. QEMU loads custom versions of Tiny Core Linux from two .dmg images before launching the XMRig cryptomining tool.


The files have random names and perform miscellaneous functions, including launching daemons. One of the daemons launches a shell script dubbed Crax, whose purpose is to ensure that the malware stays undetected by security experts.
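A defender-side triage heuristic for the behaviour described above, added here as an example (it is not code from Malwarebytes or from this article): it scans `ps -axo pid,pcpu,command` output for a renamed or headless process carrying QEMU options and a disk image. The sample process list, binary name and paths are constructed; `-drive`, `-cdrom` and `-display none` are standard QEMU options, and the article does not say which ones the malware uses.

```python
import os
import re

# Disk-image extensions the article names as loadable by QEMU.
IMAGE_RE = re.compile(r"[^\s,=]+\.(?:dmg|img|iso)\b", re.IGNORECASE)
# Standard QEMU options that attach a guest disk or control the display.
QEMU_OPTS = {"-drive", "-hda", "-cdrom", "-nographic", "-display", "-accel"}

# Constructed sample of `ps -axo pid,pcpu,command` output (not real telemetry).
SAMPLE_PS = """\
  PID  %CPU COMMAND
  311   0.4 /usr/bin/hdiutil attach /Users/dev/Downloads/installer.dmg
  620  35.0 /opt/homebrew/bin/qemu-system-x86_64 -m 2G -cdrom /Users/dev/iso/ubuntu.iso
  845  78.9 /usr/local/bin/xkqzt -m 3G -display none -drive file=/private/var/tmp/a1b2.dmg,format=raw
"""


def flag_hidden_emulators(ps_text):
    """Return [(pid, cpu, reasons)] for processes that look like a disguised QEMU."""
    findings = []
    for line in ps_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3 or not parts[0].isdigit():
            continue  # header or malformed line
        pid, cpu, command = int(parts[0]), float(parts[1]), parts[2]
        tokens = command.split()
        images = IMAGE_RE.findall(command)
        if not images or not QEMU_OPTS.intersection(tokens):
            continue  # not an emulator booting a disk image
        reasons = []
        # A randomly named binary that accepts QEMU options is the strongest signal.
        if "qemu" not in os.path.basename(tokens[0]).lower():
            reasons.append("QEMU-style options on a binary not named qemu")
        # A guest with no window is invisible to the logged-in user.
        if "-nographic" in tokens or "-display none" in command:
            reasons.append("guest runs headless")
        if reasons:
            reasons.append("disk image: " + images[0])
            findings.append((pid, cpu, reasons))
    return findings


if __name__ == "__main__":
    for pid, cpu, reasons in flag_hidden_emulators(SAMPLE_PS):
        print(f"pid {pid} ({cpu}% CPU): " + "; ".join(reasons))
```

The developer's own `qemu-system-x86_64` session and the `hdiutil` mount are deliberately not flagged, which keeps the heuristic usable on machines where QEMU is installed legitimately.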


However, the very aspect that makes Bird Miner interesting, namely that it runs inside QEMU, is also what makes it operationally inefficient. If the malware ran natively instead of being emulated, it would be far more profitable for its developers.

There is also a lesson here for users who regularly download pirated software from torrent platforms. The biggest disadvantage of using pirated software is that it makes your computer vulnerable to all sorts of digital threats and privacy and security risks.


Cryptojacking has become quite common, and attackers can quite easily infect PCs with malware that drains the CPU of its resources. Cybercriminals usually load adware and cryptominers into cracked versions of original software on piracy websites to make some quick bucks. Hence, users are advised to download software only from legitimate sources.
