Hackers using macOS apps to deploy cryptocurrency mining malware

This malware uses the Invisible Internet Project (i2p) to download malicious components and send coins to the attacker’s wallet.

One example of the evasion technique is a shell script that monitors the list of running processes to check for the presence of Activity Monitor and, if so, terminate the mining processes.

The malicious mining process is based on the user launching the pirated application, on which the code embedded in the executable connects to the server controlled by the hackers via i2p to download the XMRig component.

Apple, on the other hand, has taken steps to combat the phenomenon with stricter policies in macOS Ventura, thus preventing the launch of malicious apps.

On the other hand, by the time the user receives the error message, this malware has already been installed.

https://www.jamf.com/blog/cryptojacking-macos-malware-discovered-by-jamf-threat-labs/