Cryptocurrency miners are most often aimed at Windows and browser users, but apparently no one is safe: neither Linux users, nor Mac users, even though cryptocurrency-mining malware targeting Mac machines is still a relatively rare occurrence.
The first instance of such malware was spotted back in 2011, when the DevilRobber Trojan was found to have the ability to use CPU and GPU time on infected Macs to perform Bitcoin mining.
In August and November of 2017 SentinelOne researchers found and analyzed two Monero cryptocurrency mining Trojans targeting macOS: CpuMeaner and Pwnet.
CreativeUpdate, as this latest crypto-miner has been named, is just the latest attempt to target Mac users, many of whom are fooled into a false sense of security fueled by the relatively low number of Mac-specific malware out there.
Faulty malware to blame?
As previously noted by security researcher Arnaud Abbati of SentinelOne, the CreativeUpdate trojan “is a Platypus dropper downloading a miner from Adobe Creative Cloud servers.”
The malware has been bundled with decoy copies of Firefox, OnyX and Deeper, and tries to open them before starting itself so that users don’t get suspicious.
One of the site’s editors explained that he had been fooled by attackers into posting links to the malicious bundles, and offered instructions on how to remove said malware:
The links were up from February 1st to February 2nd, 2018, so users who have downloaded those applications during that time will want to check whether their machines have been infected.
For now however it seems that other apps were not affected.
In general, CBNN suggests that it is a good idea to download software directly from the developer’s site or the Mac App Store.