Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

Malicious Cryptominer Distributed by MacUpdate Hack

The MacUpdate site was hacked on 1 February 2018, and the attackers slipped malicious code into updates for Firefox, OnyX, and Deeper that would use CPU cycles on infected machines to mine cryptocurrency. Malwarebytes has instructions for removing the malware. Although MacUpdate removed the offending updates quickly, the moral of the story is that it’s always best to update an app from inside the app itself or via the developer’s Web site.favicon follow link

 

Comments about Malicious Cryptominer Distributed by MacUpdate Hack

To leave a comment, click Add a Comment and then enter the text, your name, and your email address (which won't be displayed). Your comment will appear after you follow a link in the one-time confirmation message we send to verify that you're a real person.
Receive comments via RSS
Mike C  2018-02-12 19:55
I finally feel vindicated. Homebrew, the App Developer's website, and the Mac Apps Store are the only places one should be at when downloading Mac-centric apps.
Reply
B. Jefferson Le Blanc  2018-02-14 10:02
Chad at MacUpdate claims that they were not hacked. But it may be a distinction without a difference. Be that as it may, Malwarebytes offers a more readable explanation than MacUpdate does. So give them props.

In the meantime I'm not running macOS X 10.13 except on a test platform, from which I did not launch either Onyx or Deeper, though I have them both installed. So I replaced them, as instructed. As for Firefox, I found I was only running 58.0.1 and updated from within the app, so I think I'm clean. I found none of the suspect files in my Sierra user folder. I'll have to check 10.13 when I boot into it again.

That said, I don't use any bitcoin currency so I'm no sure what they could mine.

As for MacUpdate, as far as I know this is the first time they have been exploited in this way. They are usually reliable. Of course some of the software they offer there is crap, but that's another story. And it's not like you can't get amateur software at the Mac App Store.

But thank you to TidBITS for letting us know.
Reply
Curtis Wilcox  An apple icon for a Friend of TidBITS 2018-02-15 21:56
Mining is not stealing cryptocurrency from you. Mining involves performing a lot of CPU-intensive math to "earn" a unit of currency. Once it's generated, the miners copy it from your computer to a "wallet" of theirs somewhere.

The cost to you is possibly some noticeably slower performance and an increased electricity bill.
Reply