Malwarebytes, a cybersecurity firm, disclosed that Apple’s Macs are being hit by a new kind of malware that makes them mine monero.
Thomas Reed, Malwarebytes’ director of Mac and mobile, announced in a blog post that a harmless Mac process called “mshelper”, which has access to large amounts of central processing unit (CPU) power, was being commanded by an obscure hacker to mine monero.
“Affected users saw their fans whirring out of control and a process named ‘mshelper’ gobbling up CPU time like Cookie Monster. Fortunately, this malware is not very sophisticated and is easy to remove,” he wrote, stating further:
“The malware became public knowledge in a post on Apple’s discussion forums, where the ‘mshelper’ process was found to be the culprit. Digging deeper, it was discovered that there were a couple other suspicious processes installed as well. We went searching and found copies of these files.”
He identified three main components of the malware: the dropper, which downloads the malware; the launcher, which installs and runs it; and the miner, which is based on XMRig, an open-source monero miner.
Reed said the dropper plants something called “pplauncher,” which installs the miner. It is written in Golang, which Reed finds odd. He added that “using this for what appears to be simple functionality is probably a sign that the person who created it is not particularly familiar with Macs.”
He concluded that the miner was simple and easy to remove, but that it was annoying because the number of Mac monero miners is rising.
“Mac cryptomining malware has been on the rise recently, just as in the Windows world. This malware follows other cryptominers for macOS … I’d rather be infected with a cryptominer than some other kind of malware, but that doesn’t make it a good thing.”