This week Apple reported a new background mining malware called MsHelper, which is remotely installed on Mac computers and serves as Monero (XMR) mining malware. The malware uses the computing power of the Mac computers to mine XMR, which slows them down.
The malware was reported on Apple’s discussion forums, where users said that a newly installed program had caused them to lose control over their computers and was using a lot of their CPUs’ processing power to mine XMR.
“I have MsHelper constantly showing up on the activity monitor with the CPU at super high levels. I probably wouldn’t have noticed it, except that I installed BitDefender today and it keeps showing me that it’s being deleted!” said Ron Edwards, the user who opened a topic on the covert crypto miner on an Apple community forum.
After several investigations, it was found that MsHelper is another version of the XMRig miner for Mac, used in a hostile way to enrich third parties at the expense of Apple Mac users.
The Mac Monero (XMR) mining malware apparently comes with a fake Adobe Flash Player, pirated content, or infected documents
According to Malwarebytes Labs, MsHelper is not sophisticated malware, nor does it generate large vulnerabilities in the registration of user information. It is also weak enough to be easily removed by Malwarebytes for Mac or manually.
It is believed that the XMR-mining malware is installed on computers by programs such as a fake version of Adobe Flash Player, which contains the dropper that injects the malware into the computer.
In this way, users would become infected by downloading programs from piracy sites or opening misleading documents, but it is not yet known exactly which software offer deceives users.
At the time of installation, the MsHelper Monero (XMR) mining malware deploys a launcher that is hosted in the support applications of the Mac operating system. This executable file is in charge of keeping the Monero (XMR) mining active on the computer, which degrades the computer’s performance.
Malwarebytes said that it is increasingly common for Apple devices to be infected with crypto-mining malware, as there have already been problems with the Pwnet, CpuMeaner and CreativeUpdate programs, among others.