The Art of Cryptojacking | JNUC 2023

Dive into the world of Mac malware with Jamf Threat Labs as they uncover and analyze a cryptojacking botnet in this insightful JNUC 2023 presentation.

In a JNUC 2023 session, Matt Benyo of Jamf Threat Labs walked through the team's investigation of a cleverly disguised piece of Mac malware. The sample turned out to be cryptojacking malware, and the case illustrated that Mac threats go well beyond the familiar 'spy vs. spy' narratives of espionage and data theft: here the attacker simply wanted the victim's CPU time.

The session began with an overview of how Jamf Protect's Threat Protection works. It is built on Apple's Endpoint Security framework, the user-space API that delivers process, file and other system-level events to security tools. On top of those events the engine identifies known and suspected threats by checking file hashes, the code-signing Team ID of the binary, and YARA rules that match on the file's contents.

Benyo then explained how cryptocurrency mining works and how malicious actors profit from running it on other people's hardware. That context set the stage for the discovery itself, which started with an unusual alert in Jamf Protect. The culprit was an altered build of the open-source XMRig mining program bundled inside a pirated copy of Final Cut Pro distributed on Pirate Bay. Because the miner had been modified, it no longer matched the hashes of stock XMRig, which is exactly the case that content-based rules and signer checks exist to cover. The scheme consumed victims' computing resources for crypto mining while also launching the legitimate application the victim expected, so nothing looked amiss to the user.
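The two paragraphs above describe three layers of file-level detection (known-bad hashes, Team ID checks, YARA rules) and a sample that defeats the first layer because it is a modified XMRig. The following is an added example, not Jamf Protect's code and not from the talk: a small Python scanner that runs all three checks over a file's bytes and shows why the altered miner slips past the hash list but still trips a YARA-style string rule. The sample binaries, the bad-hash list, the Team ID `TEAM0000AA` and the pool hostname are all constructed for the demo; `xmrig`, `stratum+tcp://` and `--donate-level` are genuine XMRig strings, but the rule here is illustrative rather than a production-grade signature.

```python
"""Layered file checks of the kind described in the talk: a known-bad
SHA-256 list, a code-signing Team ID allowlist, and a YARA-style string
rule. Hypothetical example code, not Jamf Protect's implementation."""
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional

# --- Constructed sample "binaries" (not real files) -----------------------
ORIGINAL_MINER = (
    b"\x00XMRig 6.x\x00stratum+tcp://pool.invalid:3333\x00--donate-level\x00"
)
# The attacker rebuilt the miner with a small change: every byte of the
# original hash list is now useless against it.
ALTERED_MINER = ORIGINAL_MINER.replace(b"6.x", b"6.x-patched")
BENIGN_APP = b"\x00Final Cut Pro\x00com.apple.FinalCut\x00"

# --- Constructed indicator data ------------------------------------------
KNOWN_BAD_SHA256 = {hashlib.sha256(ORIGINAL_MINER).hexdigest()}
TRUSTED_TEAM_IDS = {"TEAM0000AA"}  # placeholder, not a real Apple Team ID


@dataclass
class StringRule:
    """Minimal YARA-like rule: flag when at least `required` patterns occur."""
    name: str
    patterns: List[bytes]
    required: int


MINER_RULE = StringRule(
    name="generic_xmrig_miner",
    patterns=[b"xmrig", b"stratum+tcp://", b"--donate-level"],
    required=2,
)


@dataclass
class Verdict:
    sha256: str
    hash_hit: bool
    team_id_trusted: bool
    rule_hits: List[str] = field(default_factory=list)

    @property
    def flagged(self) -> bool:
        # A hash hit or a content rule hit is enough to raise an alert; the
        # Team ID result is kept as context for triage.
        return self.hash_hit or bool(self.rule_hits)


def run_rule(rule: StringRule, data: bytes) -> bool:
    """Case-insensitive substring search, counting distinct patterns found."""
    haystack = data.lower()
    found = sum(1 for p in rule.patterns if p.lower() in haystack)
    return found >= rule.required


def scan(data: bytes, team_id: Optional[str]) -> Verdict:
    """Apply all three checks. `team_id` is the TeamIdentifier a code
    signature reports (on macOS: `codesign -dv --verbose=4 <binary>`);
    None means unsigned or ad-hoc signed."""
    digest = hashlib.sha256(data).hexdigest()
    return Verdict(
        sha256=digest,
        hash_hit=digest in KNOWN_BAD_SHA256,
        team_id_trusted=team_id in TRUSTED_TEAM_IDS,
        rule_hits=[MINER_RULE.name] if run_rule(MINER_RULE, data) else [],
    )


if __name__ == "__main__":
    for label, blob, tid in [
        ("stock miner", ORIGINAL_MINER, None),
        ("altered miner", ALTERED_MINER, None),
        ("benign app", BENIGN_APP, "TEAM0000AA"),
    ]:
        v = scan(blob, tid)
        print(f"{label:14} hash_hit={v.hash_hit} rules={v.rule_hits} "
              f"trusted_signer={v.team_id_trusted} flagged={v.flagged}")
```

Run as a script, the stock miner is caught by the hash list alone, the altered miner misses the hash list but is flagged by the string rule, and the signed benign app passes every check. The practical takeaway matches the talk: a hash blocklist is cheap and precise but brittle against a recompiled or patched binary, so content rules and signer identity have to sit alongside it.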

The session went on to cover how the malware evaded detection and how it spread through torrent sites such as Pirate Bay. The Q&A dug into the malware's internals, its defense evasion techniques, and how Jamf Threat Labs approaches protection against threats that have not been seen before.

This investigation by Jamf Threat Labs not only shed light on the complexities of Mac malware but also underscored the importance of continuous vigilance in the realm of cybersecurity.