Monero-Mining Malware Targets Mac Users
A number of Mac users reported an increase in CPU activity and battery use, with power reserves depleting faster than usual. Researchers attributed the battery drain to a persistent cryptocurrency miner called mshelper (Detection name: COINMINER_TOOLXMR.A-OSX) that had been provided with root privileges.
While infection is believed to have come from downloads of fake Flash player installers, malicious documents or software rather than sophisticated means, researchers found that the launcher daemon pplauncher (Detection name: COINMINER_MALXMR.A-OSX) kept the malware active, suggesting the dropper had root privileges in the infected system. When analyzed, the 3.5MB launcher contained a binary file of more than 23,000 functions. The large overhead suggests its developer may not be specifically familiar with Macs.
The launcher creates the mshelper process file, which mines Monero cryptocurrency for the cybercriminals using the legitimate open source mining tool XMRig. Mshelper is mining software that threat actors abuse; it should be removed, as the malware can cause overheating in units with damaged fans or vents.
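The symptoms described above (a launcher and a miner process, root ownership, sustained CPU load) can be checked against a process listing. The script below is an added example, not code from the researchers or from Trend Micro; the CPU threshold, the sample listing and its paths are constructed for illustration, and a name match is a lead for triage rather than a verdict.

```shell
#!/bin/sh
# Added example: flag the two process names this article mentions in a ps listing.
# Expected input: user, pid, %cpu, command path, as printed by
#   ps -axo user=,pid=,%cpu=,comm=

MINER_NAMES="mshelper pplauncher"   # names taken from the article
CPU_THRESHOLD=50                    # assumption: percent CPU treated as "high"

# Reads a listing on stdin and prints one finding per line:
#   <flags> <user> <pid> <cpu> <command>
flag_miner_processes() {
    awk -v names="$MINER_NAMES" -v thr="$CPU_THRESHOLD" '
    BEGIN { n = split(names, want, " ") }
    NF >= 4 {
        user = $1; pid = $2; cpu = $3
        # The command path may contain spaces, so rebuild it from field 4 on.
        cmd = $4
        for (i = 5; i <= NF; i++) cmd = cmd " " $i
        # Compare on the exact basename to avoid substring false positives.
        base = cmd
        sub(/.*\//, "", base)
        for (j = 1; j <= n; j++) {
            if (base == want[j]) {
                flags = "match"
                if (user == "root") flags = flags "+root"
                if (cpu + 0 >= thr) flags = flags "+highcpu"
                print flags, user, pid, cpu, cmd
            }
        }
    }'
}

# Constructed sample listing; the paths are placeholders, not real install paths.
sample_listing() {
    cat <<'EOF'
root   412 187.3 /example/dir/mshelper
root   398   0.1 /example/dir/pplauncher
alice  733  92.0 /Applications/Safari.app/Contents/MacOS/Safari
alice  801   0.0 /Users/alice/bin/mshelper-notes
EOF
}

sample_listing | flag_miner_processes
```

On a live Mac, pipe the ps command shown in the header comment into flag_miner_processes instead of the sample listing.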
This is not the first time Mac users have been targeted by cryptocurrency mining malware, as cybercriminals previously packaged a crypto-miner backdoor via MacUpdate. Further, the growing popularity of cryptocurrency among cybercriminals is bound to encourage more malware deployments that infect systems for mining purposes. Here are a few steps to protect your systems from being infected:
- Regularly update using official patches from hardware, OS, software, and firmware vendors.
- Be cautious of known attack vectors such as email with links or attachments, downloads from suspicious sites, and unofficial or malicious software and apps.
Trend Micro Antivirus for Mac and Maximum Security help defend against web threats and malicious files, secure your transactions, and provide equal security to all your devices. Trend Micro solutions prevent malicious software attacks, allow you to browse and play safely, and come with easy-to-understand status reports.