New Strain of Malware Hijacks Apple Macs to Mine Monero

A monero cryptominer based on XMRig is hijacking Macs, causing high CPU and fan usage.

Updated Sep 13, 2021, 7:59 a.m. Published May 24, 2018, 4:10 p.m.

A new type of malicious software infecting Apple's Macs is mining monero, researchers with cybersecurity firm Malwarebytes announced.

In a blog post Tuesday, the antivirus software developer revealed that an innocuous Mac process called "mshelper" was being abused on infected machines to mine monero for an unknown attacker. Malwarebytes director of Mac and mobile Thomas Reed wrote that along with a combination of other malicious processes, mshelper utilized large amounts of central processing unit (CPU) power, but was "not particularly dangerous" to Macs.

"Affected users saw their fans whirring out of control and a process named 'mshelper' gobbling up CPU time like Cookie Monster. Fortunately, this malware is not very sophisticated and is easy to remove," he wrote, adding:

"The malware became public knowledge in a post on Apple’s discussion forums, where the “mshelper” process was found to be the culprit. Digging deeper, it was discovered that there were a couple other suspicious processes installed as well. We went searching and found copies of these files."

There are three main components to the malware, he wrote: the dropper, a program that downloads the malware; the launcher, which installs and launches the malware; and the miner itself, which is based on XMRig, an open source monero miner.

Malwarebytes has not yet discovered what the dropper program is, but past examples include fake Adobe Flash Player installers and other downloaded software, Reed said.

Whatever the dropper is, it installs a component called "pplauncher," which in turn installs the miner. Notably, pplauncher is written in Golang, which Reed says is an odd choice. He added that "using this for what appears to be simple functionality is probably a sign that the person who created it is not particularly familiar with Macs."

His final assessment is that the miner, while annoying, is not complicated, and can be easily removed. He noted that there are an increasing number of Mac cryptominers, saying:

"Mac cryptomining malware has been on the rise recently, just as in the Windows world. This malware follows other cryptominers for macOS ... I’d rather be infected with a cryptominer than some other kind of malware, but that doesn’t make it a good thing."

Macbook Pro image via thanmano / Shutterstock
