The cybersecurity firm Malwarebytes is out with a new report, which states that a new type of malicious Monero mining software is making the rounds. The malware supposedly only affects Apple’s Mac computers and comes as Monero mining malware for Macs is on the rise. The malware only recently became public and comes as Windows computers have already long been plagued by different types of mining malware.
Researchers from Malwarebytes recently posted a blog entry, outlining steps for discovering and removing the malware. Once a device has been infected with the Monero mining malware, it takes advantage of the device’s hardware in order to mine Monero for the attacker. Thomas Reed, the director of Malwarebytes, wrote at length in the blog post regarding how the malware can use significant portions of the afflicted machine’s central processing unit (CPU) to mine Monero. However, it should be noted that the malware is not to be considered as being ”dangerous” – it is merely taking advantage of raw CPU power.
Even more fortunately, the malware is simple both to identify and remove. Afflicted users might see dramatically increased CPU performance in the computer’s activity monitor – however, it is even easier than that to diagnose, as a computer infected with the malware will notice that their fans activate even during light use of the machines. The process caused by the malware is listed as ”mshelper”, and will automatically employ a large portion of the CPU capacity, making it hard to miss.
There are three main parts related to the malware. There is the ”dropper”, which is responsible for installing the actual malware. Then there is the ”launcher”, which oversees the installation and launch of the malware, and then there is the actual miner. The miner is built on XMRig, which is an open-source Minero miner. It remains unclear exactly which program is responsible for being the ”dropper” program. Nonetheless, the launcher program seems to be called ”pplauncher”, which is written in the Golang programming language.
Reed noted that this is an unusual choice of programming language for what would appear to be simple functionality – leading some to suspect that whoever wrote the program is not entirely informed when it comes to writing malware for Mac computers. Nonetheless, the miner is easy to remove and is to be considered merely an annoyance, as it cannot have any serious adverse effects. However, it serves as a good reminder that both Macs and Windows machines alike are susceptible to mining malware.
Image Source: “Flickr”