A malicious software infecting Apple Mac computers used for mining Monero has been discovered by cybersecurity firm Malwarebytes.
The Mac crypto miner was discovered earlier this week, after affected users saw their fans whirring out of control and a process named “mshelper” started using CPU time, the company said in a blog post yesterday.
The malware, which became public knowledge in a post on Apple’s discussion forums, uses a dropper or a fake program like an Adobe Flash Player installer, downloaded from piracy sites to trick users into opening the program.
After users open the program’s file named pplauncher, it is installed and kept running by a launch daemon (com.pplauncher.plist), which is a rather sizeable executable file (3.5 MB) that was written in Golang and then compiled for macOS.
Based on the simplicity of the malware, the company said it’s likely that the person who created it is not very familiar with Macs and it can be easily removed.
Thomas Reed, director of Malwarebytes says that the cryptominer is not very sophisticated and can be easily removed, but noted that crypto mining malware attacks have been on the rise.
Thomas Reed said:
“Mac crypto mining malware has been on the rise recently, just as in the Windows world. This malware follows other crypto miners for macOS. I'd rather be infected with a crypto miner than some other kind of malware, but that doesn't make it a good thing."
While the virus is not particularly harmful, the use of malware for crypto-mining has been steadily growing. April 2018 marked the fourth consecutive month that crypto-mining malwares Coinhive and Cryptoloot dominated the Top Ten Most Wanted Malwares list, according to Israeli cybersecurity firm Check Point’s latest Global Threat Index.
Godfrey Benjamin
Yuri Molchan
Mushumir Butt
