Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Advertisement 

×

Message

EU e-Privacy Directive

This website uses cookies to manage authentication, navigation, and other functions. By using our website, you agree that we can place these types of cookies on your device.

View e-Privacy Directive Documents

You have declined cookies. This decision can be reversed.

Macs Infected With New Monero Mining Malware

Written by  May 24, 2018

Many Mac users reported in the past few weeks that a process named “mshelper” had been eating up a lot of CPU power and draining their batteries. It turns out that the process is associated with a piece of malware designed to mine for Monero (XMR) cryptocurrency.

Researchers at Malwarebytes have analyzed the mshelper malware and while they haven’t been able to precisely determine how it’s distributed, they believe fake Flash Player installers, malicious documents or pirated software are likely involved rather than some other, more sophisticated, method.

Experts noticed that the launcher, a file named pplauncher, is kept active by a launch daemon (com.pplauncher.plist), which suggests that the dropper likely had root privileges on the compromised system. The launcher was developed in Golang and it’s relatively large (3.5 Mb).

“Using Golang introduces significant overhead, resulting in a binary file containing more than 23,000 functions. Using this for what appears to be simple functionality is probably a sign that the person who created it is not particularly familiar with Macs,” explained Malwarebytes’ Thomas Reed.

Once the launcher creates the mshelper process, the compromised device starts mining for Monero cryptocurrency on behalf of the cybercriminals who distribute the malware. The miner itself is a legitimate and open source mining tool named XMRig.

Advertisement 
Daily Steals Up to 95% Off!

“This malware is not particularly dangerous, unless your Mac has a problem like damaged fans or dust-clogged vents that could cause overheating. Although the mshelper process is actually a legitimate piece of software being abused, it should still be removed along with the rest of the malware,” Reed said.

Based on reports from victims, anti-malware products initially either did not detect the threat at all or they could not completely remove the infection – the malware reappeared after a reboot. Now that news of the malware has spread, security companies have likely updated their products to ensure complete removal.

Alternatively, users can manually remove the malware by deleting these two files and rebooting their devices:

/Library/LaunchDaemons/com.pplauncher.plist

/Library/Application Support/pplauncher/pplauncher

This is not the only cryptocurrency miner delivered recently to Mac users. In February, Malwarebytes reported that a Monero miner had been delivered through malicious versions of applications available through the MacUpdate website.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Top News

Advertisement 

  1. Popular
  2. Trending
  3. Comments

Calendar

« May 2018 »
Mon Tue Wed Thu Fri Sat Sun
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      

Advertisement 

Advertisement