A number of Mac users reported experiencing an increase in CPU activity and battery use, depleting power reserves faster than usual. Researchers associated the battery drain to a persistent cryptocurrency miner called mshelper (Detection name: COINMINER_TOOLXMR.A-OSX) that provided it with root privileges.
While infection is believed to have come from downloads of fake Flash player installers, malicious documents or software rather than sophisticated means, researchers found that the launcher daemon pplauncher (Detection name: COINMINER_MALXMR.A-OSX) kept the malware active, suggesting the dropper had root privileges in the infected system. When analyzed, the 3.5MB launcher contained a binary file of more than 23,000 functions. The large overhead suggests its developer may not be specifically familiar with Macs.
The launcher creates the mshelper process file, mining Monero cryptocurrency for the cybercriminals with the legitimate open source mining tool XMRig. Mshelper is a mining software that threat actors abuse; it should be removed, as the malware can cause overheating for units with damaged fans or vents.
Regularly update using official patches from hardware, OS, software, and firmware vendors.
Be cautious of known attack vectors such as email with links or attachments, downloads from suspicious sites, and unofficial or malicious software and apps.
Trend Micro Antivirus for Mac and Maximum Security helps defend against web threats and malicious files, secures your transactions, and provides equal security to all your devices. Trend Micro solutions prevent malicious software attacks, allow you to browse and play safely, and comes with easy-to-understand status reports.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).