A new way of infecting users’ devices has been identified. Apple’s Macs were hacked to mine Monero, reported the researchers.
The announcement was made on May 22 via the cybersecurity firm’s website. According to the post, a Mac process dubbed “mshelper” was attacked by malicious machines in order to mine Monero.
Thomas Reed, Director of Malwarebytes at Mac, revealed that the attacker used multiple malware processes and significant CPU power. However, according to Reed, this was “not particularly dangerous” to Mac devices.
“Affected users saw their fans whirring out of control and a process named ‘mshelper’ gobbling up CPU time like Cookie Monster. Fortunately, this malware is not very sophisticated and is easy to remove,” wrote Reed, adding that:
“The malware became public knowledge in a post on Apple’s discussion forums, where the ‘mshelper’ process was found to be the culprit. Digging deeper, it was discovered that there were a couple other suspicious processes installed as well. We went searching and found copies of these files.”
The malware components
According to the blog post, the malware attack has three main elements: the dropper, the application that gets the malware; the launcher, which takes care of installing and launching the malware; and the miner, which is open source.
Malwarebytes failed to identify what the dropper component was. However, judging by previous incidents, it can be assumed to be the same Adobe Flash Player, explained Reed.
According to Reed’s suspicions, “using this for what appears to be simple functionality is probably a sign that the person who created it is not particularly familiar with Macs.” He then explained that eliminating the miner is not a problem.
Regarding the increasing number of Mac crypto hackers, Reed stated that:
“Mac cryptomining malware has been on the rise recently, just as in the Windows world. This malware follows other cryptominers for macOS … I’d rather be infected with a cryptominer than some other kind of malware, but that doesn’t make it a good thing.”