Cryptojacking is becoming one of the biggest computer threats out there.
While cryptomining is a completely legal way to earn cryptocurrencies, cryptojacking is another story. It’s a new scheme by cybercriminals to profit off your gadget without your knowledge. Since this practice can lead to higher energy bills, overworked gadgets and even burned out phones, cryptojacking is the latest security threat you need to keep your eye on.
And if you think you’re safe from cryptojacking malware just because you’re on a Mac, well think again.
There’s a new cryptojacking malware in town and it’s targeting Macs exclusively.
As reported by Malwarebytes, the new malware is known as “mshelper” and Mac owners are complaining that the process is using up their computer resources and, in turn, causing them to overheat.
Instead of Bitcoin, the cryptominer in question appears to be mining Monero, the current cryptocurrency of choice for cybercriminals due to its higher level of anonymity.
The malware initially surfaced in a post in Apple’s community forums where users were reporting that a rogue Mac process called “mshelper” was consuming extremely high levels of CPU. Upon further investigation, it was discovered that other suspicious processes were installed too.
How does “mshelper” work?
According to Malwarebytes, “mshelper” is likely spread via the usual malware “droppers” such as fake Adobe Player installs, trojan downloads from piracy sites, and poisoned attachments in phishing emails.
Its launcher, known as pplauncher, is then installed in a specific Mac library folder and is kept running by a launch daemon, a background job managed by the system launcher. This means the malware dropper had access to root permissions.
Finally, the miner itself looks like an older version of the legitimate Mac cryptocurrency mining software XMRig Miner.
As noted by Malwarebytes, “mshelper” is not a sophisticated piece of malware and “everything about it suggests simplicity.” It’s still one annoying threat you need to guard against though.
Refresher: What is a cryptojacker?
What is cryptojacking? It’s a new method for hackers to generate revenue for themselves at your expense.
Since cryptomining consumes tons of electrical energy, fraudsters love sourcing out this activity to others. Instead of putting up server farms dedicated to cryptomining, they would rather steal your computer’s resources to do the heavy lifting for them.
They can do this by hijacking your browser or by installing cryptomining malware secretly on your computer. Think of it as similar to a botnet, except it’s used for mining cryptos like Bitcoin or Monero instead of performing denial of service attacks.
By sneaking in hidden software, a cryptojacker uses a computer’s processing power secretly to help out in cryptocurrency mining.
This is, in essence, what cryptojacking is all about. And with it, some sites may be making cryptocurrencies off your computer without your permission and you won’t even get a virtual nickel out of it.
Signs that your gadget has been cryptojacked
Cryptojacking software is meant to run in the background without being detected but there are tell-tale signs that your gadget has been victimized.
First, you may notice slower than usual internet connections and slower performance. Since cryptomining uses your gadget’s processing cycles, it consumes more energy, so you’ll notice shorter battery life and a gadget that runs warmer than usual.
Always check your Mac’s Activity Monitor for any suspicious applications running in the background.
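Beyond Activity Monitor, the launch-daemon persistence described above can be checked for directly. The following is an added example, not code from Malwarebytes or from the original article: it scans the standard macOS launchd job directories for jobs that reference the two process names reported here, and the sample job labels and the /PLACEHOLDER path in it are constructed.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Names come from the article (lowercase); the directories are the standard launchd job locations.
SUSPECT_NAMES = ("mshelper", "pplauncher")
LAUNCHD_DIRS = ("/Library/LaunchDaemons", "/Library/LaunchAgents",
                str(Path.home() / "Library" / "LaunchAgents"))

def scan_launchd(directories=LAUNCHD_DIRS, names=SUSPECT_NAMES):
    """Return one dict per launchd job whose file name, label or command names a suspect."""
    hits = []
    for directory in directories:
        for path in sorted(Path(directory).glob("*.plist")):
            try:
                with path.open("rb") as fh:
                    job = plistlib.load(fh)  # reads both XML and binary plists
            except (OSError, ValueError, ExpatError):
                continue  # unreadable or malformed file: nothing to inspect
            if not isinstance(job, dict):
                continue
            command = [str(a) for a in job.get("ProgramArguments", [])]
            if job.get("Program"):
                command.insert(0, str(job["Program"]))
            haystack = " ".join([path.name, str(job.get("Label", "")), *command]).lower()
            if any(name in haystack for name in names):
                hits.append({
                    "plist": str(path),
                    "label": job.get("Label"),
                    "command": command,
                    # KeepAlive/RunAtLoad are what make launchd start or restart the job
                    "relaunched": bool(job.get("KeepAlive") or job.get("RunAtLoad")),
                })
    return hits

def write_constructed_samples(directory):
    """Constructed test data: one benign job and one pointing at a placeholder path."""
    samples = {
        "com.example.updater.plist": {"Label": "com.example.updater",
                                      "ProgramArguments": ["/usr/bin/true"]},
        "com.example.job.plist": {"Label": "com.example.job", "KeepAlive": True,
                                  "ProgramArguments": ["/PLACEHOLDER/pplauncher"]},
    }
    for name, job in samples.items():
        with open(Path(directory) / name, "wb") as fh:
            plistlib.dump(job, fh)

if __name__ == "__main__":
    for hit in scan_launchd():
        print(hit)
```

A hit only shows that a job references one of the names; the plist and the binary it points to still need to be inspected before anything is removed.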
How to protect your Mac against “mshelper”
To protect yourself from Mac malware in general, be extra vigilant when downloading or installing software or clicking links. The common vectors are poisoned links and attachments, drive-by downloads, and trojan software.
It is also essential to keep your operating systems and applications up-to-date and patched with the latest security patches to close potential security holes that hackers could take advantage of.