Most professional software these days has switched to expensive subscription-based models, but not Apple: Final Cut Pro still costs the same $299 it did when the app launched in 2011. Still, three hundred bucks ain’t cheap, leading some to seek, let’s say, “alternative” markets for the app. However, if you’re tempted to pirate Final Cut Pro for a free edit session, don’t: It’s too dangerous.
As reported by 9to5Mac, cybersecurity company Jamf Threat Labs recently discovered malware within pirated copies of Final Cut Pro. This in and of itself isn’t necessarily a shock. Pirated software doesn’t come with the same security or protections you expect when downloading an app through an official outlet like the Mac App Store. Bad actors, then, take advantage of the situation, packing malware into popular apps to infect users looking for a free app.
However, the malware Jamf Threat Labs discovered in pirated copies of Final Cut Pro isn’t necessarily designed to steal your information or break into your accounts. Rather, it’s crypto-mining (or crypto-jacking) malware, which can turn your power-efficient Mac into a chore to use.
How crypto-jacking impacts your Mac
Mining for cryptocurrency demands a lot of resources, forcing miners to invest in both the equipment and the energy costs. Some, instead, choose to invest in other people for both: Once installed, crypto-mining malware hijacks your Mac’s processing power to mine cryptocurrency for the hacker’s benefit. That way, the hacker doesn’t need to invest any of their resources into crypto-mining rigs, and can outsource those tasks to their victims.
Good for them, bad for you. This type of malware, like all crypto-mining software, is demanding on your system, especially on your GPU, the chip that processes graphics on your computer. In fact, because so many crypto-miners were purchasing GPUs for their rigs, the price of GPUs shot up. There’s an incentive for bad actors to push the practices onto you, where you’ll experience all the system slow-downs and energy costs of the practice.
Of course, the impact on your system isn’t the only motivation to avoid this situation. Unwittingly installing malware on your Mac is always bad. Nobody wants strange software on their machine—it’s the definition of an invasion of privacy, whether or not you notice the effects of it.
This crypto-mining malware is particularly sneaky
Even more concerning in this specific case, Jamf Threat Labs found that macOS’ usual defenses weren’t catching the crypto-mining malware when it was installed on the user’s computer. That’s likely due to a clever trick by hackers, who have written a malicious version of Final Cut Pro that runs the open-source XMRig crypto-mining software in secret.
Previous versions of this malware were less sneaky, first needing the user to enter their system password, and next requiring them to keep the app running for the malware to work. With this latest version, once the malicious Final Cut Pro runs, the crypto-mining malware gets to work in the background, and doesn’t need Final Cut Pro opened to mine going forward.
It knows you’re going to be concerned about your Mac slowing down, too: If you open Activity Monitor to investigate the program taking up so many resources, the malware shuts down until you quit Activity Monitor. Creepy, but perhaps keeping Activity Monitor running at all times is the best new anti-malware solution on the market.
Final Cut Pro is just the latest pirated app found with this type of crypto-jacking malware, as Jamf Threat Labs discovered similar issues with pirated versions of Photoshop and Logic Pro. For Apple’s part, the company claims this malware family does not bypass their malware protections.
Still, the news serves as a reminder that the internet still has a “Wild West” side, even in 2023. The safest way to install apps like Final Cut Pro on your Mac is to obtain them from the Mac App Store, which has protocols in place to sharply reduce the risk of malware.