
MacUpdate served up Mac cryptominer to unsuspecting users in Firefox, OnyX, and Deeper downloads on Feb. 1

Download aggregator MacUpdate briefly linked to three malicious applications masquerading as legitimate downloads of Firefox, OnyX, and Deeper. The fake installers not only install the apps, but also deposit a cryptocurrency miner on downloaders' systems.

At some point on Feb. 1, MacUpdate updated its legitimate download links to point to bogus installers for the three apps. According to Malwarebytes Labs, the links for OnyX and Deeper, both by Titanium Software, were replaced by URLs very similar to the real download URLs, and Firefox downloads were redirected to a URL that was obviously not mozilla.net.

The payload was delivered as a .dmg file, but the installers were scripts that downloaded and installed the payload, and also retrieved a legitimate copy of the app in question to convince the user that the app had installed properly. This particular hack was not well executed, with the OnyX app retrieved in place of the Deeper app, and vice versa.

The installed malware mined the Monero cryptocurrency, passing a ProtonMail user to a login authority.

The applications hosted by Titanium Software itself and Mozilla's native download of Firefox are uninfected.

This is not the first time that MacUpdate has hosted malware in downloads. The company itself was installing its own adware on non-subscribers' computers for a few months in 2015. A second event in 2016 found the fake application EasyDoc Converter distributing the OSX Eleanor ransomware for a period of time.

AppleInsider suggests that users either download applications from the developer's site directly, or from the Mac App Store. As a general rule, avoiding download aggregators that link directly to downloads outside the Mac App Store is a good security practice.
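
The link substitution described above (a near-identical URL for OnyX and Deeper, an unrelated host for Firefox) can be caught by checking each download link's host against the developer's own domain before fetching. The following Python is an added example, not code from AppleInsider, MacUpdate, or Malwarebytes; the app names and `.example`/`.test` domains are constructed placeholders, and comparing trailing labels is a simplification that does not consult the Public Suffix List.

```python
from urllib.parse import urlsplit

# Constructed allowlist: app name -> developer's download domain.
# The .example domains are placeholders, not the real vendor hosts.
EXPECTED = {
    "ExampleBrowser": "browser-vendor.example",
    "ExampleUtility": "utility-dev.example",
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify_download(app: str, url: str, max_distance: int = 2) -> str:
    """Return 'trusted', 'insecure', 'lookalike' or 'unexpected' for a link."""
    expected = EXPECTED[app]
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".").lower()
    if host == expected or host.endswith("." + expected):
        # Right domain; still refuse plain HTTP, which can be rewritten in transit.
        return "trusted" if parts.scheme == "https" else "insecure"
    # Compare as many trailing labels as the expected domain has.
    n = expected.count(".") + 1
    tail = ".".join(host.split(".")[-n:])
    near_miss = edit_distance(tail, expected) <= max_distance
    # Expected name used as bait: in userinfo, or as leading labels of another host.
    embedded = expected in parts.netloc.lower()
    punycode = any(label.startswith("xn--") for label in host.split("."))
    return "lookalike" if (near_miss or embedded or punycode) else "unexpected"

if __name__ == "__main__":
    # Constructed sample links, one per outcome.
    samples = [
        ("ExampleUtility", "https://dl.utility-dev.example/Utility.dmg"),
        ("ExampleUtility", "https://utility-dev5.example/Utility.dmg"),
        ("ExampleUtility", "https://utility-dev.example@cdn.test/Utility.dmg"),
        ("ExampleBrowser", "https://cdn-storage.test/ExampleBrowser.dmg"),
    ]
    for app, url in samples:
        print(f"{classify_download(app, url):10} {app:15} {url}")
```
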



14 Comments

racerhomie3 7 Years · 1264 comments

I downloaded OnyX from Titanium’s website. Am I affected?

Soli 9 Years · 9981 comments

> I downloaded OnyX from Titanium’s website. Am I affected?

No, but you may want to just check the files and folders mentioned, to be sure.

freshmaker 13 Years · 532 comments

I actually tried mining Monero on my '17 MBP, and it suuuucks lol.  Whoever wrote that virus wasted a lot of time.  Ran it for 3 days straight and the hash rate wasn't high enough to earn anything.  Maybe it works a bit better on iMacs 

chasm 10 Years · 3629 comments

A pity this happened, but I’m glad the site took full responsibility and issued removal instructions. That’s how you handle something like this, and being more vigilant going forward.

Soli 9 Years · 9981 comments

> I actually tried mining Monero on my '17 MBP, and it suuuucks lol. Whoever wrote that virus wasted a lot of time. Ran it for 3 days straight and the hash rate wasn't high enough to earn anything. Maybe it works a bit better on iMacs

Mining works better for GPUs. I know a PC gamer who invested $1500* alone in his GPU and he was able to play with mining cryptocurrencies (mostly garlicoin which he converted to bitcoin) to get a better understanding of it, and he's created a paper wallet that's still worth more (adjusting for the recent drops) than his entire PC. My 1.5¢ an hour on my Late-2017 MBP with the fastest CPU and GPU wasn't worth it.

* The investment was for gaming, not for cryptocurrency mining.