According to an article on the Malwarebytes blog, which covers cybersecurity, a new virus has appeared online that infects Mac computers with malware for mining the cryptocurrency Monero (XMR).
Thomas Reed, Malwarebytes' director for Mac and mobile devices, said that on victims' computers the virus runs a harmless process, «mshelper», which uses a significant portion of the processor's power to mine cryptocurrency for an unknown attacker. However, for the computers it infects, it is «not very dangerous».
«From posts on Apple's forums, we became aware that users are complaining about a malicious process, «mshelper», which begins to devour the processor's computational resources. This program is not very complicated and is easy to remove. After we studied the behavior of this virus, we found some suspicious processes that create copies of the malware».
The virus consists of three parts: a dropper (a carrier program that installs the malware), a launcher, and a miner based on the open-source XMRig.
Malwarebytes specialists failed to find the dropper itself, but judging by the analysis of past cases, it was fake Adobe Flash Player installers and other installation programs.
It is known that the launcher is a program called «pplauncher», which installs the miner and is written in Golang. That is an odd choice, since according to Reed, «the use of this language for such a simple task is a sign that the person who made it is not familiar with Mac.»
Reed came to the conclusion that, although the miner is troublesome, it is very simple to remove. He also noted: «Recently there has been increased activity of miner viruses on both Mac and Windows. And yet, although I do not think it is something good, I would prefer to get a miner rather than any other malicious program.»