New Mac cryptocurrency miner ‘Bird Miner’ runs by emulating Linux

Thomas Reed for Malwarebytes:

A new Mac cryptocurrency miner Malwarebytes detects as Bird Miner has been found in a cracked installer for the high-end music production software Ableton Live. The software is used as an instrument for live performances by DJs, as well as a tool for composing, recording, mixing, and mastering. And while cryptomining is not new on Mac, this one has a unique twist: It runs via Linux emulation.

The Ableton Live 10 cracked installer can be downloaded from a piracy website called VST Crack, and it’s more than 2.6 GB; a size that might be cause for alarm on other programs, but reasonable for such an app. However, on closer inspection, it’s clear this installer is doing some strange things…

The malware was first spotted in a pirated Ableton Live 10 installer. Since then, we’ve found additional installers for Bird Miner, all distributed through the same site for other software. All such installers will drop the same malware, though the exact install process may vary slightly.

MacDailyNews Take: Don’t steal software.

Here’s our usual oft-repeated reminder for Mac users and anyone who’s trying to use any other platform: Do not download and authorize the installation of applications (Trojans) from untrusted sources. No OS can protect users from themselves (or we wouldn’t be able to install any software). Those who grant attackers access to their Macs, should not be surprised to find their Macs are compromised.

This article was originally posted here