A new type of malware for mining Monero has been found. The crypto miner was discovered by researchers from Malwarebytes, a cybersecurity firm.
On an infected computer the malware runs a set of malicious processes that capture a significant portion of processor power, but for Macs the infection is “not especially dangerous”, reported Thomas Reed, director of Mac and mobile at Malwarebytes.
“Users may find that their fans are getting out of control, and the process “mshelper” begins to devour the computational resources of the processor like the Cookie Monster from “Sesame Street.” Fortunately, this is not a very complicated program and it is easy to remove. This malware became known to a wide audience from a post on the Apple forums, where the process “mshelper” was named as the main culprit. After an in-depth study of the topic, there also turned out to be a terrible setup and a couple of other suspicious processes. We started looking and found copies of these files,” said Thomas Reed.
The malware is known to consist of three parts: a dropper (a program that installs malicious software), a tool that launches the miner, and the miner itself, which is based on the open-source Monero miner XMRig.
The miner is installed by the program “pplauncher”. Interestingly, this program is written in Golang, which Reed considers a very strange choice.
“Use of this language for such a simple task is probably a sign that the person who did it is not particularly familiar with Macs,” added Reed.
It has not been possible to find the dropper. However, experts at Malwarebytes noted that in the past, fake Adobe Flash Player installers and other installation programs have served as droppers.
The experts hastened to reassure users, stating that the miner, though unpleasant, is not complicated and is easy to remove.
“In recent years, crypto-miners for Mac have been on the rise, as in the Windows world. As for this particular malware, it is another example of a crypto-miner for Mac OS. I would prefer to get a crypto miner than some other malware, but that still does not make it something good,” concluded Thomas Reed.
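
A quick way to check a Mac for the two process names reported above, as an added example that is not from Malwarebytes or the original article: it triages the output of `ps -axo pid,pcpu,comm`. The sample output, the paths in it and the 80% CPU threshold are constructed assumptions; only the names “mshelper” and “pplauncher” come from the article.

```python
"""Triage `ps -axo pid,pcpu,comm` output for the process names in this article."""
import os

# Process names reported in the article; nothing else about the malware is assumed.
REPORTED_NAMES = {"mshelper", "pplauncher"}
CPU_THRESHOLD = 80.0  # assumption: percent of one core treated as heavy load

# Constructed sample output (placeholder paths), not captured from a real infection.
SAMPLE_PS = """\
  PID  %CPU COMM
    1   0.1 /sbin/launchd
  412   3.2 /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
  733 187.4 /example/path/mshelper
  731   0.0 /example/path/pplauncher
  901  95.0 /usr/local/bin/encoder-example
  955   0.3 /Users/alice/bin/mshelper-notes
"""

def parse_ps(text):
    """Yield (pid, cpu, command); the command column may contain spaces."""
    for line in text.splitlines():
        parts = line.split(None, 2)  # split only twice so paths stay whole
        if len(parts) != 3:
            continue
        try:
            yield int(parts[0]), float(parts[1]), parts[2].strip()
        except ValueError:
            continue  # header row or malformed line

def triage(text, threshold=CPU_THRESHOLD):
    """Return (named, hot): exact name matches, and other heavy CPU users."""
    named, hot = [], []
    for pid, cpu, comm in parse_ps(text):
        name = os.path.basename(comm)
        if name in REPORTED_NAMES:
            # Flag regardless of CPU: the launcher itself may sit idle.
            named.append((pid, name, cpu))
        elif cpu >= threshold:
            hot.append((pid, name, cpu))
    return named, hot

if __name__ == "__main__":
    named, hot = triage(SAMPLE_PS)
    for pid, name, cpu in named:
        print(f"REPORTED NAME  pid={pid} name={name} cpu={cpu}%")
    for pid, name, cpu in hot:
        print(f"HIGH CPU       pid={pid} name={name} cpu={cpu}%")
```

A name match is a lead to investigate, not proof of infection, and a high-CPU process with another name may be entirely legitimate.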