Thursday, May 25, 2023

Hackers Using Trojanized macOS Apps to Deploy Evasive Cryptocurrency Mining Malware

cryptomining operation targeting macOS

Security researchers discovered a crypto mining operation targeting macOS with a malicious version of Final Cut Pro that remains largely undetected by antivirus engines.

They found that the malicious variant was distributed over torrent and executed the XMRig utility that mines for Monero cryptocurrency.

Trojanized versions of legitimate applications are being used to deploy evasive cryptocurrency mining malware on macOS systems.

Jamf Threat Labs, which made the discovery, said the XMRig coin miner was executed as Final Cut Pro, a video editing software from Apple, which contained an unauthorized revision.

“This malware makes use of the Invisible Internet Project (i2p) to download malicious components and send mined currency to the attacker’s wallet,” Jamf researchers Matt Benyo, Ferdous Saljooki, and Jaron Bradley said in a report shared with us.

An earlier iteration of the campaign was documented exactly a year ago by Trend Micro, which pointed out the malware’s use of i2p to conceal network traffic and speculated that it may have been delivered as a DMG file for Adobe Photoshop CC 2019.

The Apple device management company said the source of the cryptojacking apps can be traced to Pirate Bay, with the earliest uploads dating all the way back to 2019.

The result is the discovery of three generations of the malware, first observed in August 2019, April 2021, and October 2021, which charts the evolution of the campaign’s sophistication and stealth.

One example of the evasion technique is a shell script that monitors the list of running processes to check for the presence of Activity Monitor and, if it is found, terminates the mining processes.

Researched by Matt Benyo, Ferdous Saljooki and Jaron Bradley
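The watchdog behaviour described above leaves a trace a defender can look for: a process that is running whenever Activity Monitor is absent and gone whenever it is present. The following Python is an added example, not code from the Jamf report; it assumes process-list snapshots collected periodically (for instance from `ps -axo comm=`), and the name `miner_helper` in the constructed sample is invented.

```python
import os

MONITOR = "Activity Monitor"


def names_from_ps(text: str) -> set:
    """Turn `ps -axo comm=` output (one executable path per line) into a set
    of process names, so real snapshots can be fed to find_evaders()."""
    return {os.path.basename(ln.strip()) for ln in text.splitlines() if ln.strip()}


def find_evaders(snapshots, min_sightings: int = 2) -> list:
    """Return names of processes that run in every snapshot taken while
    Activity Monitor is absent and in none taken while it is present.

    snapshots: sets of process names, in time order. Nothing is reported
    unless the monitor was seen at least once, and a process seen fewer
    than min_sightings times is ignored to avoid flagging short-lived jobs.
    """
    snaps = [set(s) for s in snapshots]
    with_mon = [s for s in snaps if MONITOR in s]
    without_mon = [s for s in snaps if MONITOR not in s]
    if not with_mon or not without_mon:
        return []
    candidates = set().union(*without_mon) - {MONITOR}
    evaders = []
    for name in sorted(candidates):
        if sum(name in s for s in without_mon) < min_sightings:
            continue
        if all(name in s for s in without_mon) and not any(name in s for s in with_mon):
            evaders.append(name)
    return evaders


# Constructed sample. "miner_helper" is an invented name standing in for the
# disguised XMRig process; the real process names are not in the report.
SAMPLE_PS = """\
/sbin/launchd
/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
/Applications/Final Cut Pro.app/Contents/MacOS/Final Cut Pro
/private/tmp/miner_helper
"""
BASE = names_from_ps(SAMPLE_PS)               # miner running, monitor closed
QUIET = (BASE - {"miner_helper"}) | {MONITOR}  # user opens Activity Monitor; watchdog kills miner
SAMPLE = [BASE, BASE, QUIET, QUIET, BASE, BASE | {"mdworker"}]

if __name__ == "__main__":
    print(find_evaders(SAMPLE))  # ['miner_helper']
```

A hit is circumstantial: treat it as a lead to examine the binary’s code signature and network connections, not as proof on its own.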

The malicious mining process relies on the user launching the pirated application, upon which the code embedded in the executable connects to an actor-controlled server over i2p to download the XMRig component.

The malware’s ability to fly under the radar, coupled with the fact that users running cracked software are willingly doing something illegal, has made the distribution vector a highly effective one for many years.

Apple, however, has taken steps to combat such abuse by subjecting notarized apps to stricter Gatekeeper checks in macOS Ventura, thereby preventing tampered apps from being launched.

“On the other hand, macOS Ventura didn’t prevent the miner from executing,” the Jamf researchers noted. “By the time the user receives the error message, the malware has already been installed.”

“It did prevent the modified version of Final Cut Pro from launching, which could raise suspicion for the user as well as greatly reduce the probability of subsequent launches by the user.”

MacBook Pro 13″ (M2, 2022)

  • Display 13.3″
  • Up to 24GB unified memory
  • Up to 20 hours battery life
  • Touch Bar & Touch ID
  • 8-core CPU
  • Apple M2 chip
  • 82TB maximum configurable storage
  • 10-core GPU

The new M2 chip makes the 13.3-inch MacBook Pro more capable than ever. The same compact design supports up to 20 hours of battery life and an active cooling system to sustain increased performance.

With a brilliant Retina display, a FaceTime HD camera, and studio-quality mics, it’s Apple’s most portable pro laptop.

Let’s talk about the M2 chip: M2 begins the next generation of Apple Silicon, with even more of the speed and power efficiency introduced by M1, so you can rip through workflows with a more powerful 8-core CPU.

Create gorgeous graphics with a lightning-fast 10-core GPU. Work with more streams of 4K and 8K ProRes video with the high-performance media engine. And do it all at once with up to 24GB of faster unified memory.

Is MacBook Pro M2 powerful?

Performance comparison (chart in the original; the figures are not recoverable):

  • Faster video editing performance: MacBook Pro 13″ with M2 compared to MacBook Pro 13″ with M1
  • Faster video editing performance: MacBook Pro 13″ with M2 compared to MacBook Pro 13″ with quad-core Intel Core i7

Is MacBook Pro M2 good for design?

If you were hoping for a design in the vein of the MacBook Air and iMac, then we have some bad news: the new 13.3-inch MacBook Pro has the same design as the previous model.

If you liked that design, this might not be a problem, but there’s no escaping the feeling that this design, which already felt a little dated when it arrived two years ago with the M1 version of the MacBook Pro, is now decidedly old-fashioned.

So, it has the same large, chunky bezels around the screen as the previous model, and in this day and age, where most laptops have thin surrounds, it’s not the stylish mobile workstation it once was, particularly compared with the likes of the Dell XPS 13, for example, or even the 14-inch MacBook Pro.

While it keeps the same design, the new MacBook Air gets a design that slims down the bezels and also increases the screen size to 13.6 inches, which means it actually has a larger screen than the 13-inch MacBook Pro.

With this in mind, the 13-inch MacBook Pro no longer seems like the default recommendation for creative professionals, particularly those who work with visual media. The new MacBook Air offers a bigger screen for less money.

Elsewhere, the build quality remains impeccable, and it remains light enough to easily carry around with you, making it an excellent choice for people looking for a powerful laptop to work on.

However, it’s worth noting that, once again, the 13.3-inch MacBook Pro (M2, 2022) comes with just two USB-C ports plus an audio jack, a rather limited number for a laptop aimed at creative professionals.


How long does MacBook M2 battery last?

The M2 chip isn’t just a powerful piece of hardware; it’s also very efficient. This is important in a laptop, as it means it can provide plenty of power for the tasks you require of it without draining the battery too fast.

Apple boasted that the M2 chip could offer an 18% performance boost to CPU tasks while still using the same amount of power as the M1 chip, an exciting prospect considering how powerful and power-efficient the M1 chip was.

In our tests, we found Apple’s claims to be on the money, with the MacBook Pro 13-inch (M2, 2022) lasting 15 and a half hours in our battery test, which involves playing a looped 1080p video.

This is very impressive, and easily beats the previous 13-inch MacBook Pro’s score by several hours. Throughout our review of the MacBook Pro 13-inch (M2, 2022), we were able to easily get a full workday out of the battery, even while performing intensive tasks such as video editing.

For people looking for a powerful laptop that can be used pretty much anywhere without worrying about running out of battery, the MacBook Pro 13.3-inch (M2, 2022) is a great option, then.


Should you buy the MacBook Pro 13-inch (M2, 2022)?

The MacBook Pro 13-inch (M2, 2022) is a strange laptop to review. On the one hand, it performs brilliantly and has exceptional battery life.

However, its outdated design, 720p webcam and lack of ports mean there are several better laptops for creative professionals out there. Perhaps the biggest threat to the MacBook Pro 13-inch (M2, 2022) is the new MacBook Air, which comes with an even bigger screen, a better webcam and speakers, and similar performance, for less money.

So, unless you are utterly married to the idea of getting a MacBook Pro, or love the Touch Bar (come on, there must be a few of you out there), you would be happier skipping the MacBook Pro 13-inch (M2, 2022) and getting the MacBook Air instead.

Apple Watch Ultra

  • Blood Oxygen app
  • ECG app
  • High and low heart rate notifications
  • Temperature sensing
  • Cellular
  • Always-On Retina display
  • 49 mm
  • Swimproof / IP6X dust resistant / Action button
  • Emergency SOS

Apple Releases iOS and macOS Updates to Patch Actively Exploited Zero-Day Flaw

Apple has released another round of security updates to address multiple vulnerabilities in iOS and macOS, including a new zero-day flaw that has been used in attacks in the wild.

The issue, assigned the identifier CVE-2022-32917, is rooted in the Kernel component and could enable a malicious app to execute arbitrary code with kernel privileges.

“Apple is aware of a report that this issue may have been actively exploited,” the iPhone maker conceded in a brief statement, adding it resolved the bug with improved bounds checks. An anonymous researcher has been credited with reporting the flaw.

It’s worth noting that CVE-2022-32917 is also the second Kernel-related zero-day flaw that Apple has remediated in less than a month.

Patches are available in versions iOS 15.7, iPadOS 15.7, iOS 16, macOS Big Sur 11.7, and macOS Monterey 12.6. The iOS and iPadOS updates cover iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

With the latest fixes, Apple has addressed seven actively exploited zero-day flaws and one publicly known zero-day vulnerability since the start of the year:

  • CVE-2022-22587 (IOMobileFrameBuffer) – A malicious application may be able to execute arbitrary code with kernel privileges
  • CVE-2022-22594 (WebKit Storage) – A website may be able to track sensitive user information (publicly known but not actively exploited)
  • CVE-2022-22620 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2022-22674 (Intel Graphics Driver) – An application may be able to read kernel memory
  • CVE-2022-22675 (AppleAVD) – An application may be able to execute arbitrary code with kernel privileges
  • CVE-2022-32893 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2022-32894 (Kernel) – An application may be able to execute arbitrary code with kernel privileges

Besides CVE-2022-32917, Apple has plugged 10 security holes in iOS 16, spanning Contacts, Kernel, Maps, MediaLibrary, Safari, and WebKit. The iOS 16 update is also notable for incorporating a new Lockdown Mode that is designed to make zero-click attacks harder.

iOS 16 further introduces a feature called Rapid Security Response that makes it possible for users to automatically install security fixes on iOS devices without a full operating system update.

“Rapid Security Responses deliver important security improvements more quickly, before they become part of other improvements in a future software update,” Apple said in a revised support document published on Monday.

Lastly, iOS 16 also brings support for passkeys in the Safari web browser, a passwordless sign-in mechanism that allows users to log in to websites and services by authenticating via Touch ID or Face ID.

Apple Releases Security Updates to Patch Two New Zero-Day Vulnerabilities

Apple on Wednesday released security updates for iOS, iPadOS, and macOS platforms to remediate two zero-day vulnerabilities previously exploited by threat actors to compromise its devices.

The list of issues is below:

  • CVE-2022-32893 – An out-of-bounds write issue in WebKit which could lead to the execution of arbitrary code by processing specially crafted web content
  • CVE-2022-32894 – An out-of-bounds write issue in the operating system’s Kernel that could be abused by a malicious application to execute arbitrary code with the highest privileges

Apple said it addressed both issues with improved bounds checking, adding it’s aware the vulnerabilities “may have been actively exploited.”

The company didn’t disclose any additional information regarding these attacks or the identities of the threat actors perpetrating them, although it’s likely that they were abused as part of highly targeted intrusions.

The latest update brings the total number of actively exploited zero-days patched by Apple to six since the start of the year:

  • CVE-2022-22587 (IOMobileFrameBuffer) – A malicious application may be able to execute arbitrary code with kernel privileges
  • CVE-2022-22620 (WebKit) – Processing maliciously crafted web content may lead to arbitrary code execution
  • CVE-2022-22674 (Intel Graphics Driver) – An application may be able to read kernel memory
  • CVE-2022-22675 (AppleAVD) – An application may be able to execute arbitrary code with kernel privileges

Both vulnerabilities have been fixed in iOS 15.6.1, iPadOS 15.6.1, and macOS Monterey 12.5.1. The iOS and iPadOS updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Update: Apple on Thursday released a security update for the Safari web browser (version 15.6.1) for macOS Big Sur and Catalina to patch the WebKit vulnerability fixed in macOS Monterey.

Apple’s New “Lockdown Mode” Protects iPhone, iPad and Mac Against Spyware


Apple on Wednesday announced it plans to introduce an enhanced security setting called Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura to guard high-risk users against “highly targeted cyberattacks.”

The “extreme, optional protection” feature, now available for preview in beta versions of its upcoming software, is designed to counter a surge in threats posed by private companies developing state-sponsored surveillanceware such as Pegasus, DevilsTongue, Predator, and Hermit.

Lockdown Mode, when enabled, “hardens device defenses and strictly limits certain functionalities, sharply reducing the attack surface that potentially could be exploited by highly targeted mercenary spyware,” Apple said in a statement.

This includes blocking most message attachment types other than images and disabling link previews in Messages; disabling just-in-time (JIT) JavaScript compilation; removing support for shared albums in Photos; and blocking incoming FaceTime calls from unknown numbers.

Other restrictions cut off wired connections with a computer or accessory when an iPhone is locked and, most importantly, prohibit configuration profiles — a feature that has been abused to sideload apps bypassing the App Store — from being installed.

The tech giant also noted that it plans to add new countermeasures to Lockdown Mode over time, while simultaneously inviting feedback from the security research community to identify “qualifying findings” that will be eligible for up to $2 million in bug bounties.

It’s worth noting that the feature won’t be switched on by default, but can be enabled by heading to Settings > Privacy & Security > Lockdown Mode.

The announcement arrives a month after Apple debuted a new Rapid Security Response feature in iOS 16 and macOS Ventura that aims to deploy security fixes without the need for a full operating system version update.

Google and Meta offer similar software features known as Advanced Account Protection and Facebook Protect that are meant to secure the accounts of individuals who are at an “elevated risk of targeted online attacks” from takeover attempts.

But it will not be surprising if Google follows suit with a similar feature on Android.