New Monero Crypto-jacking Malware Threatens Mac Users

by Jane Whitmoore

Malwarebytes Labs reported on a high number of OS X users who noticed unusual behavior on their computers caused by the “mshelper” application, which runs an established form of XMRig mining software. The malware takes over the CPU and drains the battery to mine coins like Monero for the crypto hijacker.

The malware is believed to be installed through downloads of fake Flash Player installers, untrusted documents, and software. The infection was detected as COINMINER_MALXMR.A-OSX, containing over 23,000 functions and providing the dropper with root access to the infected system.

The new malware, now known as OSX.ppminer, falls into the same category as other crypto miners for macOS, for example CreativeUpdate, CpuMeaner, and Pwnet.

An infected user can run EtreCheck to help locate the malware and clean the system. Security experts recommend a full system scan with antimalware software because of possible file duplicates. The mining malware isn't threatening except in cases where users' Macs have broken or blocked fans, which can lead to overheating.

This is not the first crypto attack on Mac users with powerful hardware. Security experts also recommend updating software regularly, using only official releases from hardware, software, operating system, and firmware vendors. They also advise users to pay particular attention to possible attacks delivered through email links or attachments, suspicious downloads, and malicious software and apps.