New Mac cryptominer malware, dubbed “mshelper,“ is in the news, with many affected customers flocking to Reddit and Apple Support Communities to gain more information and learn how to remove malicious code from an infected system.
Cryptojacking is designed to mine cryptocurrency on your computer without your knowledge, which can often push your Mac’s CPU to overwork itself and hog other resources.
The payload appears to be delivered via modified downloads such as the Adobe Flash installer. You’re wholeheartedly recommended to download non-Mac App Store software from verifiable sources, preferably from official websites. Until Apple adds “mshelper” to macOS’s Quarantine blacklist, you will need to manually detect and remove this malware from your system.
About Mac cryptominer malware “mshelper”
“mshelper” is a form of Mac cryptominer malware that, once it infects a host, monopolizes its CPU and other system resources to mine Bitcoins. Mining, as you know, is a CPU-heavy process that “timestamps” transactions and performs extensive calculations.
As noted by MalwareBytes, even though this particular malware won’t steal or delete your data, it will make using your computer a pain. Due to high CPU usage, the computer will become unresponsive, run slowly and may crawl to a halt. Because the CPU is fully utilized, your Mac notebook’s fan may kick into overdrive as well.
If your Mac is getting a little warmer and louder for no apparent reason, it may be infected with “mshelper”. Here’s how to check if “mshelper” has infected your system and how to remove it.
How to remove “mshelper” from your Mac
First, find out whether your Mac has been infected:
1) Open Activity Monitor from /Applications/Utilities.
2) Click the CPU tab to sort the list by the processes using the highest CPU. Look at the top of the list. Do you see a process called “mshelper” that uses a lot of your CPU time? If so, your computer is infected so proceed with the tutorial to remove “mshelper” from your machine.
3) Choose the command Go To Folder from the Finder’s Go menu.
4) Type in the path “/Library/LaunchDaemons/” and press the Go button.
5) If you see the file named “com.pplauncher.plist” in the Finder window, delete it.
The full path of the file is:
6) Choose the command Go To Folder from the Finder’s Go menu.
7) Type in the path “/Library/Application Support/pplauncher/” and press the Go button.
8) If you see the file named “pplauncher” in the Finder window, delete it.
The full path of the file is:
9) Restart your Mac.
To verify that your Mac is free of the annoying cryptominer, open Activity Monitor, sort the process by name and confirm that “mshelper” is nowhere to be found.
According to blockchain evangelist and financial economist Alex de Vries, Bitcoin mining could use 0.5% of the world’s electricity energy in 2018.
de Vries commented:
You are generating numbers the whole time and the machines you’re using for that use electricity. But if you want to get a bigger slice of the pie, you need to increase your computing power. So there’s a big incentive for people to increase how much they’re spending on electricity and on machines.
With the increase in the network’s size, the huge costs associated with Bitcoin mining are further poised to grow so it’s not surprising that people are developing cryptojacking malware that monopolizes resources and gobbles up CPU time like Cookie Monster.
Need help? Ask iDB!
If you like this how-to, pass it along to your support folks and leave a comment below.
Got stuck? Not sure how to do certain things on your Apple device? Let us know via [email protected] and a future tutorial might provide a solution.
Submit your how-to suggestions via [email protected].