Researchers of the cybersecurity of Malwarebytes Corporation have discovered a new type of Monero malware miner, aimed at users of Mac computers from Apple. This was said in the company’s blog, by the Malwarebytes director of Mac and mobile devices, Thomas Reed.
The first information about this malicious software appeared on the Apple forums, where the process “mshelper” was found as the culprit. However, researchers of Malwarebytes found that the device also installed several other suspicious processes. Fortunately, this malware is not very sophisticated and is easy to remove.
“The malware consists of three parts: the dropper, which installs malicious software, the launcher and the miner itself, which is based on the open-source XMRig Monero-Miner. These malicious processes manage to capture a significant part of the processing power of the processor,” Reed said.
It is also known that the miner installs the program “pplauncher”, written in the language of Golang.
“This is a rather strange choice, Using Golang introduces significant overhead, resulting in a binary file containing more than 23,000 functions. Using this for what appears to be simple functionality is probably a sign that the person who created it is not particularly familiar with Macs,” Reed concluded.
Nevertheless, the researcher admitted that the infection with this miner for Apple devices is not particularly dangerous and it is not difficult to remove.