MacOS devices are being targeted by pirated apps that want to hijack your machine

News
By published

Hackers are hiding malware in pirated macOS apps, again

Magnifying glass enlarging the word 'malware' in computer machine code
(Image credit: Shutterstock)

Cybersecurity researchers from Jamf Threat Labs have uncovered a new piece of malware targeting macOS users. 

The malware, though unnamed, shares many similarities with another malicious piece of code discovered in 2021, called ZuRu.

In a detailed report, the researchers said the malware was found hiding in three separate, pirated software. The software, including Microsoft Remote Desktop, was found on a Chinese website that provides links to different pirated applications.

The ghost of ZuRu

If a user downloads and runs any of the compromised applications, the malware will download and execute multiple payloads in the background. These payloads are all tasked with different things, from serving as a dropper, to being a backdoor, to working as a persistent downloader to deliver additional malicious payloads. 

The targets, obviously, seem to be Chinese macOS users, similar to what ZuRu did three years ago.

Back in 2021, cybersecurity researchers from Objective-See and Trend Micro observed ZuRu hiding in pirated versions of applications such as iTerm, SecureCRT, Navicat Premium, and Remote Desktop Client. The people that downloaded these apps found them working as intended, but were oblivious to the fact that a Python script was being executed in the background.

This script stole sensitive data from the victim endpoint and sent them to a command & control (C2) server used by the attackers. 

“It’s possible that this malware is a successor to the ZuRu malware given its targeted applications, modified load commands and attacker infrastructure,” Jamf’s researchers said.

Pirated software is a great place to hide malware, the researchers also added, as users understand they’re engaged in illegal activity and expect their antivirus programs to raise a flag. “This leaves them willing to skip past any security warning prompts built into the operating system such as Gatekeeper, which informs the user that these applications are not safe to open,” they concluded.

Thus, the best way to protect against such threats is not to steal and download pirated software in the first place. 

More from TechRadar Pro

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Ransomware
Microsoft spies a new and worrying macOS malware strain
Ransomware
Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
Image of laptop infected with malware threat
This devious new macOS malware disguises itself as Chrome, Zoom installers
Illustration of a laptop with a magnifying glass exposing a beetle on-screen
This devious macOS malware is evading capture by using Apple's own encryption
A person in a wheelchair working at a computer.
Why betting on Mac security could put your organization at risk
A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
These fake macOS updates are actually just looking to spread malware
Latest in Security
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
Spyware
Stalkerware data breach potentially hits over 2 million users, including thousands of Apple devices
An American flag flying outside the US Capitol building against a blue sky
Five Eyes "cannot replace US intel in Ukraine", claims former US Cyber Command Chief
Pirate skull cyber attack digital technology flag cyber on on computer CPU in background. Darknet and cybercrime banner cyberattack and espionage concept illustration.
Criminals are using a virtual hard disk image file to host and distribute dangerous malware
WordPress on a laptop
Over 20,000 WordPress sites hit by damaging malware campaign
Trojan
WhatsApp patches security flaw which let hackers install spyware
Latest in News
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 21 (game #1152)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 21 (game #383)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Friday, March 21 (game #649)
The ASSC Assassin's Creed collection.
The Assassin's Creed x Anti Social Social Club drop includes gaming merch that I wouldn't be embarrassed to wear
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
Spyware
Stalkerware data breach potentially hits over 2 million users, including thousands of Apple devices
More about security
Lock on Laptop Screen

Data breach at Pennsylvania education union potentially exposes 500,000 victims
Trojan

WhatsApp patches security flaw which let hackers install spyware
Spyware

Stalkerware data breach potentially hits over 2 million users, including thousands of Apple devices
See more latest
Most Popular
Spyware
Stalkerware data breach potentially hits over 2 million users, including thousands of Apple devices
Miele Guard L1 Comfort XL cyclinder vacuum
I've been patiently waiting for the newest vacuum tech to make its way into cylinder vacuums, and Miele has finally delivered
The ASSC Assassin's Creed collection.
The Assassin's Creed x Anti Social Social Club drop includes gaming merch that I wouldn't be embarrassed to wear
Quordle on a smartphone held in a hand
Quordle hints and answers for Friday, March 21 (game #1152)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Friday, March 21 (game #383)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Friday, March 21 (game #649)
Living room with Microsoft Xbox Series X (L) and Sony PlayStation 5 home video game consoles alongside a television and soundbar, taken on November 3, 2020.
The PS5 is currently selling faster than the PS4 did in the US, but I'm surprised to discover that the Xbox Series X and S are trailing behind Xbox One
Lock on Laptop Screen
Data breach at Pennsylvania education union potentially exposes 500,000 victims
Samsung Galaxy Tab S9 FE Plus on a desk showing the rear of the device from above
The Samsung Galaxy Tab S10 FE could be a powerful iPad Air rival, based on the latest specs rumors
Trojan
WhatsApp patches security flaw which let hackers install spyware