New cryptojacking malware hits Mac devices

There is no doubt about the fact that cryptojacking malware has become one of the biggest threats to online users and given the unexpectedly high popularity of cryptocurrencies, it is unavoidable for people to make profits through cryptomining – But let’s not forget that cryptomining and cryptojacking are totally different domains.

Cryptomining is a legal way to earn cryptocurrencies but cryptojacking is a relatively new practice that cybercriminals are involved in. What happens is that cybercriminals exploit your gadget without your knowledge and permission to earn profits by using its computing power (CPU).

See: Hackers Hide Monero Cryptominer in Scarlett Johansson’s Picture

Naturally, your energy bills increase substantially while due to overworking, gadgets also get damaged pretty soon with reports of some phones being burned out. Therefore, security researchers are citing it as the latest security threat to devices.

Until now, it was believed that Mac users were able to thwart this threat but the latest research from Malwarebytes claims otherwise. Reportedly, a new malware dubbed as “mshelper” is attacking Mac devices and using system resources quite rigorously due to which machines are getting overheated.

The malware was discovered by Malwarebytes who assessed that it isn’t too sophisticated and comprises of three components including the following:

  1. Dropper, which downloads the malware
  2. Launcher, a file named pplauncher which installs and launches the malware. It is activated by a launch daemon (com.pplauncher.plist).
  3. Miner, which is based on XMRig, an open-source Monero miner

According to Thomas Reed from Malwarebytes: “Mac cryptomining malware has been on the rise recently, just as in the Windows world. This malware follows other cryptominers for macOS, such as Pwnet, CpuMeaner, and CreativeUpdate. I’d rather be infected with a cryptominer than some other kind of malware, but that doesn’t make it a good thing.”

See: 11 easy tips to secure your Mac against hackers

Currently, it is not clear how the malware is dropped on Mac devices. Analysis of previous attacks on Macs reveals that fake Adobe Flash Player installers infected files in phishing emails or downloads from unauthentic piracy platforms could be facilitating its distribution.

As for mshelper, researchers at Malwarebytes noted that “mshelper” is too simplistic. Since the launcher is activated by launch daemon, therefore, researchers believe that the dropper has root privileges and it aims to install and execute the mining process.

Once this process is created, the compromised Mac device begins mining for Monero. The mining process itself isn’t too dangerous for computers unless the device has damaged fans or dust-clogged vents. 

To delete “mshelper” you can run an antivirus or an anti-miner program. However, if the program fails to detect malware then you need to delete these files and reboot your device:

/Library/LaunchDaemons/com.pplauncher.plist
/Library/Application Support/pplauncher/pplauncher

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.