Topic: Maloney Monster invades the macOS platform (Read 101 times)

Posts on Apple's tech support forum describe a cryptomining attack on the macOS operating system in which many users unknowingly had their devices used to secretly mine Monero.

According to the latest Malwarebytes Labs blog post, the malware was discovered when a user noticed a process called "mshelper" consuming a large amount of CPU. He also pointed out that the process kept reappearing every time the machine started up.

The user expected BitDefender to take care of it, but it could not: "mshelper" kept coming back despite BitDefender, and running Malwarebytes did not help either.

Another user suggested EtreCheck, which immediately flagged the malware, and with its help the user successfully removed mshelper.

Malicious software component identified

The "dropper" is the component that implanted the malicious code on the machine. Mac malware is often delivered by "bait" documents that users unwittingly open after downloading them from untrustworthy file-sharing sites. Malwarebytes Labs, however, states that this dropper is a simple piece of malware.

The researchers also located a file called "pplauncher", which is kept running by a launch daemon. Since installing a launch daemon requires root privileges, this means the dropper most likely had privileged access to the system.
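The two observable traits described above, a persistent launch daemon pointing at "pplauncher" and a process named "mshelper" pinning the CPU, are exactly what a defender would hunt for. The script below is an added example written for this post, not code from Malwarebytes Labs or the forum thread: it parses a launchd plist for program paths whose basename matches the names from the post, and parses `ps -axo pid,user,%cpu,comm` style output for those names or for any process above a CPU threshold. The plist, the process listing, the file paths and the label `com.example.pplauncher` are all constructed sample data, not indicators taken from the real malware, and the 80% CPU threshold is an assumption to tune per fleet.

```python
import plistlib
import re

# Process names from the post: the miner itself and the launcher that keeps it alive.
INDICATOR_NAMES = {"mshelper", "pplauncher"}
CPU_THRESHOLD = 80.0  # percent; assumed default, tune for your environment

# Constructed sample launchd plist (paths and label are made up, not real IoCs).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.pplauncher</string>
  <key>ProgramArguments</key>
  <array><string>/Library/Application Support/example/pplauncher</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict>
</plist>"""

# Constructed benign plist for comparison.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.backup</string>
  <key>Program</key><string>/usr/local/bin/backup-agent</string>
</dict>
</plist>"""

# Constructed output in the shape of `ps -axo pid,user,%cpu,comm`.
SAMPLE_PS = [
    "  PID USER     %CPU COMM",
    "    1 root      0.1 /sbin/launchd",
    "  412 root     97.3 /private/tmp/example/mshelper",
    "  433 root      0.4 /Library/Application Support/example/pplauncher",
    "  508 alice    92.0 /Applications/Xcode.app/Contents/MacOS/Xcode",
    "  611 alice     2.5 /usr/libexec/trustd",
]


def suspicious_programs_in_plist(plist_bytes):
    """Return indicator names referenced by a launchd plist's Program/ProgramArguments."""
    data = plistlib.loads(plist_bytes)
    candidates = []
    if isinstance(data.get("Program"), str):
        candidates.append(data["Program"])
    candidates.extend(a for a in data.get("ProgramArguments", []) if isinstance(a, str))
    hits = set()
    for path in candidates:
        base = path.rsplit("/", 1)[-1].lower()
        if base in INDICATOR_NAMES:
            hits.add(base)
    return sorted(hits)


# pid, user, %cpu, then the command path (which may itself contain spaces).
PS_LINE = re.compile(r"^\s*(\d+)\s+(\S+)\s+([\d.]+)\s+(.+)$")


def high_cpu_indicators(ps_lines, threshold=CPU_THRESHOLD):
    """Flag processes whose basename is an indicator name or whose CPU use is above threshold."""
    findings = []
    for line in ps_lines:
        m = PS_LINE.match(line)
        if not m:  # header line or anything that does not parse
            continue
        pid, user, cpu, comm = int(m.group(1)), m.group(2), float(m.group(3)), m.group(4).strip()
        base = comm.rsplit("/", 1)[-1].lower()
        known = base in INDICATOR_NAMES
        if known or cpu >= threshold:
            findings.append({"pid": pid, "user": user, "cpu": cpu, "comm": comm, "known_name": known})
    return findings


if __name__ == "__main__":
    # On a live Mac you would feed the output of `ps -axo pid,user,%cpu,comm` and the
    # contents of each file under /Library/LaunchDaemons to these two functions.
    print("plist hits:", suspicious_programs_in_plist(SAMPLE_PLIST))
    for f in high_cpu_indicators(SAMPLE_PS):
        tag = "KNOWN NAME" if f["known_name"] else "high CPU only"
        print(f"pid {f['pid']} ({f['user']}) {f['cpu']:.1f}% {f['comm']} [{tag}]")
```

The CPU check alone is noisy (a compiler or Xcode build will trip it, as the sample shows), so the output distinguishes a name match from a bare high-CPU hit; a daemon whose program basename matches and a matching process running as root together are the strong signal, and the `KeepAlive` key explains why the process reappears after being killed.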

The pplauncher binary is written in Go for macOS, and its purpose is to install and launch the malicious miner. Go brings a lot of overhead, producing a binary that contains some 23,000 functions. Using it for such a simple task proves that the author does not really know Macs.

The miner

Mshelper closely resembles a fairly old version of the miner XMRig, which can be installed on a Mac through Homebrew. The latest version of XMRig was built on May 7, 2018 with the clang 9.0.0 compiler.

Mshelper, by contrast, was built on March 26, also with clang 9.0.0.

Malwarebytes Labs concludes that mshelper is an old copy of XMRig being used to mine cryptocurrency for the attackers' benefit. Pplauncher supplies its command-line arguments, including a parameter that specifies the user.

The researchers say the malware is not dangerous unless the user's Mac has a broken fan or blocked vents, in which case the sustained load can lead to overheating.

Mshelper itself is a non-destructive tool that is being abused by someone, but removing it is still a must, just like any other malware.

The new malware, now known as OSX.ppminer, joins other macOS cryptominers such as Creative Update, CpuMeaner and Pwnet.