New Strain of Malware Hijacks Apple Macs to Mine Monero

A new strain of malicious software infecting Apple's Macs is mining monero, researchers with cybersecurity firm Malwarebytes announced.

In a blog post Tuesday, the antivirus software developer revealed that an innocuous Mac process called "Mshelper" was being abused on infected machines to mine monero for an unknown attacker.

Malwarebytes director of Mac and mobile Thomas Reed wrote that a combination of malicious processes utilized large amounts of central processing unit power, but was "Not particularly dangerous" to Macs.

"The malware became public knowledge in a post on Apple's discussion forums, where the"Mshelper" process was found to be the culprit.

Digging deeper, it was discovered that there were a couple other suspicious processes installed as well.

There are three main components to the malware, he wrote: the dropper, which is a program which installs the malware; the launcher, which installs and launches the malware; and the miner itself, which is based on XMRig, an open source monero miner.

Malwarebytes has not yet discovered what the dropper program is, but past examples include fake Adobe Flash Player installers and other downloaded software, Reed said.

It installs something called "Pplauncher," which installs the miner.

"His final assessment is that the miner, while annoying, is not complicated, and can be easily removed. He noted that there are an increasing number of Mac cryptominers, saying".

"Mac cryptomining malware has been on the rise recently, just as in the Windows world. This malware follows other cryptominers for macOS ... I'd rather be infected with a cryptominer than some other kind of malware, but that doesn't make it a good thing."