Monday, May 19, 2025
HomeBackdoorXMRig - New Cryptojacking Malware Attack on Apple Mac Devices

XMRig – New Cryptojacking Malware Attack on Apple Mac Devices

Published on

SIEM as a Service

Follow Us on Google News

New Mac Cyptominer Malware  XMRig affected Mac users that cause a sudden increase of the CPU process called mshelper and the fans are running out of control to mine Monero cryptocurrency.

A malicious process mshelper talking the complete CPU process and increase to a super high level and it also installs some of the suspicious processes as well.

This Cryptominer is extremely propagating in a various platform and the malware consumes the system resources and utilizes them for mining cryptocurrencies without user permissions.

- Advertisement - Google News

The Cryptocurrency-stealing malware targets wallet address on local storage on various devices and replaces its own address.

Initially, malware dropper is being distributed through various medium such as email, social media and the malware installed by fake Adobe Flash Player installers, downloads from piracy sites, decoy documents users.

Later it tricks users to download and execute it and the researchers say the malware dropper is still unknown.

XMRig Cyptominer Infection Process on Mac Devices

Initially, a file name called pplauncher is installed in the specific location that mentioned below.

~/Library/Application Support/pplauncher/pplauncher

pplauncher is written in Golang language and compiled for Mac and the file is continuously running and the dropper needs root privilege.

It takes the complete responsibility for the process of installing and launching the miner process.

According to Malwarebytes, Using Golang introduces significant overhead, resulting in a binary file containing more than 23,000 functions. Using this for what appears to be simple functionality is probably a sign that the person who created it is not particularly familiar with Macs.

A Process called mshelper is a miner which is installing to the specific following folder

/tmp/mshelper/mshelper

This is an old version of XMRig miner, which can be installed on Macs via Homebrew which is Being used for the purpose of generating the cryptocurrency for the hacker behind the malware.

This malware is not particularly dangerous unless your Mac has a problem with damaged fans or dust-clogged vents that could cause overheating. Although the mshelper process is actually a legitimate piece of software being abused, it should still be removed along with the rest of the malware. Malwarebytes Said.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

GNU C(glibc) Vulnerability Let Attackers Execute Arbitrary Code on Millions of Linux Systems

Security researchers have disclosed a significant vulnerability in the GNU C Library (glibc), potentially...

Exploiting dMSA for Advanced Active Directory Persistence

Security researchers have identified new methods for achieving persistence in Active Directory environments by...

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Mirai Botnet Actively Targeting GeoVision IoT Devices for Command Injection Exploits

The Akamai Security Intelligence and Response Team (SIRT) has identified active exploitation of command...

Electromagnetic Side-Channel Analysis of Cryptographically Secured Devices

Electromagnetic (EM) side-channel analysis has emerged as a significant threat to cryptographically secured devices,...

Millions of RSA Keys Exposed, Revealing Serious Exploitable Flaws

A recent study has highlighted a significant vulnerability in RSA keys used across the...