Mshelper mining virus targets Mac

New mining virus has been spotted by cybersecurity experts, as the messages from the corresponding forums tell, it masquerades as a service called mshelper. However, this is only a propulsor of the virus, there is also another process - pplauncher - which gives the remote mining mechanism the necessary rights and oversees the process.

As noted by those familiar with the malicious program structure, it is relatively easy to remove it. Firstly, EtreCheck and Malwarebytes for Mac are both able to search and destroy it, and, secondly, one can just delete the following files:

/Library/LaunchDaemons/com.pplauncher.plist
/Library/Application Support/pplauncher/pplauncher

Like some other examples already described on Bitnewstoday, this virus is dangerous for the hardware of the device - mining requires cooling, and usual computers are not designed for difficult calculations which allow to get cryptocurrency. All in all, the program doesn’t seriously differ from other simple remote miners, it uses the infected device to mine Monero for hackers. The domination of this altcoin in such scripts and programs is likely due to its highly anonymous blockchain. Software experts note that this phony mshelper was based on the older versions of XMRig - a mining mechanism which is not inherently malicious.

Image: Shutterstock