New Mac Malware Monero Miner Discovered

Crypto mining is on the rise as bad actors have discovered decentralized mining is a lot cheaper than setting up a rig and paying the electricity bills to compete with massive mining pools and Apple users are not immune from being crypto jacked.

Mac Cryptominer uses Legitimet Software

In an earlier story this year NewsBTC reported that crypto jacking or drive by mining was up by 4000% in the first quarter of 2018 and now Mac owners are reporting a piece of malware called “mshelper” sucking up their CPU time and overheating their cooling fans. Luckily the “mshelper” process as reported by Malwarebytes Labs isn’t very sophisticated and is relatively easy to remove.

Not surprisingly the newly discovered malware is mining for Monero, as it has become the favorite cryptocurrency for hackers mostly due to its high level of anonymity. Sandiford Oliver, Cybersecurity Researcher for Proofpoint, talked about Monero being the first choice for botnets mining crypto and expects it to continue to rise as the token price goes up.

The “mshelper” malware was brought to public knowledge by users posting on Apple’s discussion forums. As more Mac users chimed in it was found that other suspicious processes were installed as well.

Malwarebytes Labs broke the process down to its components. They identified the dropper or the program which installed the malware, as probably being a fake Adobe Flashplayer install file. Droppers they explained usually come from pirated copies of popular file downloads.

The launcher they found to be a file called ‘pplauncher’ which is kept active by a launch daemon meaning that the dropped had access to root privileges.

Finally the miner which is the aforementioned “mshelper” which has been recognized as an older version of the legitimate XMRig miner which is available for install on Macs.

Cryptomining isn’t limited to PCs

Though crypto mining through malware is often thought of as being a PC problem the fact that there is money to be made stealing computing power makes it a problem for every online device. Android miners and malware designed to infect Internet of Things means that soon nearly every appliance could be a target for drive by miners. The problem goes beyond cyber criminals as even internet service providers have been found out infecting customers with mining malware.

Mac cryptomining malware has been on the rise with every other type and this latest infection follows many other previously recognized crypto-miners for the MacOS. As for the “mshelper” malware it’s not considered particularly dangerous as it is actually a legitimate piece of software, still it should be removed. Malwarebytes Labs provides a link to remove it here.

 

Image from Shutterstock

Source