Tuesday, November 12, 2024
HomeBackdoorXMRig - New Cryptojacking Malware Attack on Apple Mac Devices

XMRig – New Cryptojacking Malware Attack on Apple Mac Devices

Published on

Malware protection

New Mac Cyptominer Malware  XMRig affected Mac users that cause a sudden increase of the CPU process called mshelper and the fans are running out of control to mine Monero cryptocurrency.

A malicious process mshelper talking the complete CPU process and increase to a super high level and it also installs some of the suspicious processes as well.

This Cryptominer is extremely propagating in a various platform and the malware consumes the system resources and utilizes them for mining cryptocurrencies without user permissions.

- Advertisement - SIEM as a Service

The Cryptocurrency-stealing malware targets wallet address on local storage on various devices and replaces its own address.

Initially, malware dropper is being distributed through various medium such as email, social media and the malware installed by fake Adobe Flash Player installers, downloads from piracy sites, decoy documents users.

Later it tricks users to download and execute it and the researchers say the malware dropper is still unknown.

XMRig Cyptominer Infection Process on Mac Devices

Initially, a file name called pplauncher is installed in the specific location that mentioned below.

~/Library/Application Support/pplauncher/pplauncher

pplauncher is written in Golang language and compiled for Mac and the file is continuously running and the dropper needs root privilege.

It takes the complete responsibility for the process of installing and launching the miner process.

According to Malwarebytes, Using Golang introduces significant overhead, resulting in a binary file containing more than 23,000 functions. Using this for what appears to be simple functionality is probably a sign that the person who created it is not particularly familiar with Macs.

A Process called mshelper is a miner which is installing to the specific following folder

/tmp/mshelper/mshelper

This is an old version of XMRig miner, which can be installed on Macs via Homebrew which is Being used for the purpose of generating the cryptocurrency for the hacker behind the malware.

This malware is not particularly dangerous unless your Mac has a problem with damaged fans or dust-clogged vents that could cause overheating. Although the mshelper process is actually a legitimate piece of software being abused, it should still be removed along with the rest of the malware. Malwarebytes Said.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Researchers Backdoored Azure Automation Account Packages And Runtime Environments

Runtime environments offer a flexible way to customize Automation Account Runbooks with specific packages....

Researchers Detailed Raptor Train Botnet That 60,000+ Compromised Devices

Researchers discovered a large, Chinese state-sponsored IoT botnet, "Raptor Train," that compromised over 200,000...

Hackers Using Supershell Malware To Attack Linux SSH Servers

Researchers identified an attack campaign targeting poorly secured Linux SSH servers, where the attack...