A new cryptominer, dubbed Bird Miner, has been spotted in the wild targeting Mac devices and running via Linux emulation under the guise of a production software tool.

Malwarebytes researchers described Bird Miner as “somewhat stealthy” due to its instructions to bail out at multiple points if Activity Monitor is running and because of its ability to obfuscate the miner code by hiding it inside Qemu images, according to a June 23 blog post.

It's also worth noting that the malware runs via emulation, when it could easily run as native code and could have had better performance and a smaller footprint as a result. 

Please register to continue.

Already registered? Log in.

Once you register, you'll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.