OSX.BirdMiner, also referred to as Bird Miner, is a cryptocurrency miner recently discovered by several anti-malware companies. Research by Malwarebytes indicates that Bird Miner may be linked to a cracked installer for the top-class music production application Ableton Live 10. This program is popular among many DJs as a great tool for live performances. It additionally provides DJs with several useful features, such as music recording, mastering, composing and mixing. However, when a cracked version of Ableton Live 10 is downloaded and installed, it is not surprising that malware may come bundled with it.
Bird Miner has a peculiarity that sets it apart from other cryptocurrency mining malware samples: it runs through Linux emulation, even though it was designed specifically for Mac computers. We bet that you care about the safety of your Mac. Consider reading this tutorial, which provides more detailed information about OSX.BirdMiner and ways to prevent its attack.
Bird Miner virus distribution channels
The cracked version of Ableton Live 10 is currently hosted on VST Crack, a website for downloading pirated software through torrents. Its installer weighs over 2.6 GB, thus occupying quite a substantial portion of the hard drive. However, this is quite reasonable for a tool with such functionality, so the size of the program does not raise any suspicion. At first glance, installing the cracked version lets people fully enjoy its features “for free”; however, a detailed analysis of its behavior reveals additional malicious activity. The code of the cracked Ableton Live 10 contains Bird Miner, which begins its activity immediately after the crack is installed.
Keep in mind that this application for music production costs a lot of money, at least several hundred US dollars. Some Mac users prefer to use only cracked versions, without making any payment or extending a subscription. Malware delivered through the torrent download of the cracked Ableton Live 10 is the price people pay for illegal use of the program.
Bird Miner impact on your Mac
The Bird Miner installer generates random file names. It additionally launches a special script called Crax, which may be found in the /usr/local/bin/ directory. The purpose of Crax is to hide the presence of Bird Miner in the system and thus prevent its detection by anti-virus software. Crax therefore makes it possible for Bird Miner to remain on the affected Mac unnoticed.
Crax, an integral component of Bird Miner, checks whether the Activity Monitor application is running. If so, it unloads its other processes. This is done to avoid detection within the system.
When Activity Monitor is not running, Bird Miner performs several CPU checks to make sure that the processor is powerful enough for cryptocurrency mining.
Once the CPU check by Crax completes successfully, it starts loading two other processes named ‘com.Flagellariaceae.plist’ and ‘com.Dail.plist’. The first process runs a script named Pecora, whereas the second one is responsible for the Krugerite script.
The two scripts mentioned above also check whether Activity Monitor is running. Afterward, an executable named Nigel is launched, which is considered to be an old variant of Qemu, the open-source application. The purpose of Nigel is to help the criminals execute the miner code by hiding it inside Qemu images.
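The component names described above can be turned into a quick triage check for a Mac or a mounted backup. This is an added example, not code from the article or from Malwarebytes; it prints one FOUND line per match and returns non-zero when anything matches. Apart from /usr/local/bin/Crax, the directories it searches are assumptions, and because the installer generates random file names, a clean result does not rule out other builds.

```shell
#!/bin/sh
# Added example: look for the Bird Miner artifact names given in the article.
# Call as: birdminer_scan [ROOT]   (ROOT defaults to /; a mounted backup also works)

birdminer_scan() {
    root="${1:-/}"
    root="${root%/}"          # "/" becomes "", so "$root/usr" is "/usr"
    hits=0

    # Crax is the only component the article ties to a fixed directory.
    if [ -e "$root/usr/local/bin/Crax" ]; then
        echo "FOUND $root/usr/local/bin/Crax"
        hits=$((hits + 1))
    fi

    # The article names the remaining components but not their locations.
    # Searching these three trees is an assumption made for this example.
    for dir in "$root/usr/local" "$root/Library" "$root/Users"; do
        [ -d "$dir" ] || continue
        matches=$(find "$dir" \( \
            -name 'com.Flagellariaceae.plist' -o \
            -name 'com.Dail.plist' -o \
            -name 'Pecora' -o \
            -name 'Krugerite' -o \
            -name 'Nigel' \) -print 2>/dev/null || true)
        if [ -n "$matches" ]; then
            printf '%s\n' "$matches" | sed 's/^/FOUND /'
            hits=$((hits + $(printf '%s\n' "$matches" | wc -l)))
        fi
    done

    # Exit status 0 means none of the listed names were present.
    [ "$hits" -eq 0 ]
}
```

Run it with sufficient privileges to read other users' home directories, for example `sudo sh -c '. ./birdminer_scan.sh; birdminer_scan /'` if the block is saved under that (hypothetical) file name.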
How to remove Bird Miner
According to the detailed analysis made by Malwarebytes, the Ableton Live 10 crack installer is not the only pirated software through which Bird Miner can be delivered. It was distributed through other cracked software downloads hosted on the same website. You should avoid using torrents to bypass licensing requirements. In other words, download Ableton Live 10 and other programs for your Mac only from legal sources.
If you have recently noticed that your Mac is not running as fast as it should, consider scanning it with a reliable anti-malware program. When the system is infected by sophisticated malware like Bird Miner, it is very hard to establish visually where the malware is concealed. Consider using Spyhunter, which will perform a thorough checkup and protect your Mac from other malware.