How to remove ‘mshelper’ the latest mac malware

You wouldn’t want a stranger stealing your computing power, would you? That’s exactly what’s happening on Macs right now with the Mshelper virus. Gone are the days when macOS was considered virus-resistant. New threats are always being developed, and Apple users are not immune to them. You need to learn more about this virus and how it may be affecting your computer, especially if you’re into cryptocurrencies.

What is Mshelper?

Mshelper malware mines cryptocurrency on your computer without your permission. This virus forces your Mac’s CPU to crunch numbers and to generate digital currency for its maker. It’s already been linked to Bitcoin, Monero, and Litecoin.

Even though crypto prices are dropping, hackers can still make a lot of money by hijacking the CPU power of your computer. A single BTC is currently worth $3,500, LTC is $24.77, and Monero is $44.24. The Mshelper virus can mine these tokens for other people for free using your computer.

But there’s good news. Mshelper is rather poorly designed malware. Because cryptocurrency mining is incredibly CPU-intensive, the virus is easy to detect. Plus, it runs at full power all the time instead of waiting for whenever the machine is idle like other malware threats in its class.

One theory suggests the virus comes from a hijacked Adobe Flash Player installer, but that’s currently unconfirmed. Just because we don’t know where Mshelper comes from doesn’t mean we can’t deal with it effectively.

If you notice your CPU is working harder than it should be, you’ll want to run a virus scan. We recommend you try Norton, Avast, or Bitdefender.

How Is Mshelper Harmful?

The virus is mostly harmless compared to other viruses. It doesn’t steal personal information or intercept logins. Instead, it:

  • Hogs your Mac’s system resources
  • Reduces the battery life of your device
  • Raises operating noise and temperatures
  • Greatly cripples performance
  • Degrades your device’s lifespan

Apple will more than likely patch this virus in a future update, but it’s worth checking for it now.

How Can I Check Whether Mshelper is on my Machine?

To verify whether your system’s sluggishness can be attributed to Mshelper, check for its process in your Activity Monitor.

  1. Open macOS’s Activity Monitor.
  2. Click on the CPU tab.
  3. Organize the list by CPU usage; Mshelper should be near the top.
  4. Alternatively, organize the list in alphabetical order and search for the name that way.

How Do I Remove Mshelper?

There are many ways you can remove Mshelper from your machine. We’ve provided details for both the simple and advanced approaches.

Simplified

The easiest way to get rid of Mshelper is to scan for it using your antivirus. Most reputable antivirus programs on Mac will detect it because the virus makes no effort to hide.

If you are looking for an easy way to detect the virus, try out our top 10 list of best Mac antivirus programs.

Advanced

For more technically advanced users, you can also remove Mshelper on your own.

Here’s what you need to do:

  1. Open Macintosh HD in Finder.
  2. Go to Library > LaunchDaemons and remove the file named pplauncher.plist.
  3. Go to Library > Application Support and remove the file named pplauncher.
  4. Select the “Go to Folder” tool in Finder and type “/tmp/” to reach your private temporary directory. Remove the mshelper directory from there.
  5. Finally, empty the trash bin and restart your machine.

Congratulations! Your machine’s CPU is free from cryptocurrency mining threats. While removing it isn’t very hard, we recommend running a virus scan to ensure it’s been removed.

How Can I Protect Myself from Similar Malware?

New threats are always on the horizon but there are several things you can do to protect yourself. Here are a few ways to avoid malware like Mshelper:

  • Always keep an updated antivirus on your Mac. Your antivirus program is your first line of defense against these kinds of attacks.
  • Use a firewall. A firewall will analyze both incoming and outgoing traffic and help you spot malicious activity on your computer.
  • Practice smart browsing habits. Don’t open random emails or files, and only download files from trusted websites.
  • Avoid Adobe Flash Player whenever possible. While the claims haven’t been proven, Adobe Flash Player has been linked to malware attacks in the past.

Awareness is key when it comes to detecting malware like Mshelper. While this malware won’t steal your personal information, it does infringe on your ability to use your computer. You can avoid malware like this by installing a reliable antivirus on your computer.

How to remove ‘mshelper’ the latest mac malware

Macs may have a reputation for being resilient to malware, but no technology is immune to the ever-increasing range of digital dangers.

If your Mac’s battery is draining faster than usual, the fan sounds louder, or the casing is getting hot for no readily apparent reason, then you may be feeling the effects of the latest piece of Mac malware.

Recently, Mac users have noticed a mystery ‘mshelper’ program burning through their CPU cycles at an alarming rate. While it’s not currently clear what this program is doing, one popular theory is that it’s part of a crypto-mining operation that’s designed to generate cryptocurrency from your computer, without your knowledge or permission – a process that could potentially permanently damage your hardware.

Any CPU-hungry application is bad news for your Mac’s battery life and overall performance, so if your Mac is running a little louder, slower or hotter than usual then it’s worth checking whether mshelper has infected your Mac.

Is mshelper burning through my system resources?

The easiest way to check whether mshelper is affecting your Mac is to use macOS’ built-in Activity Monitor app:

  • Open a new ‘Finder’ window.
  • Navigate to ‘Applications > Utilities.’
  • Launch Activity Monitor.
  • Select the ‘CPU’ tab.
  • Search for ‘mshelper.’

If Activity Monitor returns zero results, then congratulations, your Mac is in the clear! However, if mshelper does crop up in your search results, then for the sake of your Mac’s battery life and overall performance, you should remove all trace of it from your machine.

Delete mshelper without any third party software

To banish mshelper without downloading any additional software, you’ll need to delete two files from deep in your Mac’s library, and then quit the mshelper process.

  • Open a ‘Finder’ window.
  • Select ‘Go > Go to Folder…’ from the menu bar.
  • Enter ‘/Library/LaunchDaemons’ and then click ‘Go.’
  • Find a file named ‘com.pplauncher.plist,’ delete it and then empty the Trash.
  • Select ‘Go > Go to Folder…’ from the menu bar.
  • Enter ‘/Library/Application Support,’ then click ‘Go.’
  • Find a file named ‘pplauncher,’ delete it and then empty the Trash.

Finally, you’ll need to stop the ‘mshelper’ process:

  • Relaunch Activity Monitor (‘Applications > Utilities > Activity Monitor.’)
  • Select the ‘mshelper’ process.
  • Click the ‘Force a process to quit’ icon (towards the upper-left of Activity Monitor).

Removing mshelper with EtreCheck 4

Alternatively, you can detect and remove mshelper using the third-party EtreCheck application.

EtreCheck is priced at €15.00 / $10 USD, but you can run it for free a few times before deciding whether EtreCheck is right for you.

To search your Mac using EtreCheck:

  • Download the latest version of EtreCheck.
  • Unzip the EtreCheck file, and then launch the application.
  • Click the bouncing EtreCheck icon that should have appeared in your Dock.
  • Read the terms and conditions, and if you’re happy to proceed then click ‘I agree.’
  • Open the ‘Choose a problem’ dropdown, and then select ‘Computer is too slow.’
  • Click ‘Start EtreCheck.’

If mshelper is present on your machine, then EtreCheck will notify you and help you remove it. After removing mshelper, it’s recommended that you launch Activity Monitor, check for the mshelper process, and manually stop it, if necessary.

Before you go

After spending over 20 years working with Macs, both old and new, there’s a tool I think would be useful to every Mac owner who is experiencing performance issues.

CleanMyMac is the highest-rated all-round cleaning app for the Mac; it can quickly diagnose and solve a whole plethora of common (but sometimes tedious to fix) issues at the click of a button. It also just happens to resolve many of the issues covered in the speed up section of this site, so Download CleanMyMac to get your Mac back up to speed today.

Wondering if it’s true that Mac is safe from viruses? The answer is a big NO! Even after taking all the security measures, Mac is still not safe, and it’s time we accept that malware does exist on Mac.

Now, like Windows users and everyone else, Mac users too will have to be aware of the latest malware and vulnerabilities.

Recently, new malware called ‘mshelper’ was found affecting macOS; it uses extra CPU resources and slows down your system. Let us learn more about this malware.

What is ‘mshelper’?

‘mshelper’ is a trojan that can compromise a system’s security in order to steal personal and financial information. It will try to use all of the Mac’s heavy resources, which slows down the system’s processor and drains more battery.

Mshelper gets into your system when you visit porn sites, open an attachment from a spam email, or install freeware.

Once mshelper enters your system, it will change registry settings to weaken the firewall. This in turn creates a way for hackers to get into your system and invade your privacy.

That’s not all: it can also insert code into the system’s web browser so that, when you open the browser, it redirects you to a website hosted by hackers. In this way, they can easily get access to your personal and financial information.

What else can ‘mshelper’ do to your Mac?

1. It weakens your firewall and antivirus suite to let in more infections.

2. It can also corrupt your web browser, after which it will redirect you to malicious and unsafe sites.

3. It will try to use all the heavy resources, making your system and processor slow and corrupt.

However, if your Mac is infected with ‘mshelper’, you can remove it easily by following the tutorials given below, which will help you kill it permanently.

How to Find ‘mshelper’ in Mac?

1. Go to the Utilities folder and search for ‘Activity Monitor’.

2. Open Activity Monitor.

3. Now, in Activity Monitor, click on the ‘CPU’ tab.

4. From the left panel, click on ‘Process Name’ to sort all the processes in alphabetical order, or click on ‘%CPU’ to sort the processes by the percentage of the processor that each process or task is using.

5. Once you are done with the above steps, search for ‘mshelper’; when sorted by %CPU, it should be in the top results.

NOTE: This process restarts even after you kill it. This can only be stopped by removing ‘mshelper’ from the system.

Steps to Remove/Delete ‘mshelper’ from Mac

To completely remove ‘mshelper’ from your system, there are two files that should be deleted from the Mac library. Let’s see how it is done.

1. Go to a ‘Finder’ window.

2. Now, from the Finder window, select your Mac’s internal storage.

3. In internal storage, select the ‘Library’ folder and open it.

4. After this, from the Library folder, select and open the ‘LaunchDaemons’ folder.

5. Now, find the file named ‘com.pplauncher.plist’ and right-click on it. From the context menu, select the ‘Move to Trash’ option.

To delete the second file:

1. Press the back arrow in the Finder window (to return to the last window you were at).

2. Now, search for and find ‘Application Support’ here.

3. In Application Support, find the file named ‘pplauncher’ and right-click on it. From the context menu, select the ‘Move to Trash’ option.

These steps will completely remove ‘mshelper’ from your Mac, making it safer and more secure. Once you are done with these steps, restart your Mac and check the ‘%CPU’ tab again. If it’s no longer there, then you have successfully deleted ‘mshelper’ from your Mac. Congratulations!!

If you found this helpful, please let us know. You can also drop your feedback in the comment section below.

How to remove ‘mshelper’ the latest mac malware

If your Mac is running hot and is consuming its battery at a higher rate than expected in recent days, you may be affected by ‘mshelper.’ AppleInsider explains how to check for the resource-consuming malware, and how to stop it from slowing down macOS.

New malware affecting macOS has started to circulate, with reports from Mac users on Apple’s support forums and Reddit revealing systems are being affected by it. Affected Mac systems typically have their processor running at full tilt, which can prevent other software from working optimally due to resources being used on this unwanted program.

The high processor usage can also cause the Mac to run its fans constantly to try and cool everything down. For MacBook users, mshelper’s interference also means the battery life will erode away faster than normal.

It is unknown what exactly mshelper is doing to utilize the processor at such a high rate, but speculation on the Apple support forum suggests it could be some form of adware, or possibly a program used for mining cryptocurrency on a victim’s computer. Aside from using the processor, there also don’t seem to be any other issues it causes on affected desktops, as is typical with ransomware.

As it isn’t a virus, it is likely mshelper is distributed through an installation of another piece of software rather than spreading organically.

Checking for mshelper

Open Activity Monitor, which can be found in the Applications folder under Utilities. Alternately, you can search for “Activity Monitor” in Finder, under a “This Mac” search.

Once Activity Monitor is open, click CPU to bring up a list of processes currently using it, then click the Process Name tab to sort the list by alphabetical order. Scroll down the list until you reach where mshelper would appear alphabetically.

You can also click %CPU to sort the list by processor usage. As mshelper is a processor-intensive program, it should appear at the top of the list.

If it appears at all, then the next task is to eliminate it from macOS.

Removing mshelper

While it is possible to kill the process, this is futile due to it automatically restarting once closed. One way to stop this from happening is to delete just two files buried in the Mac’s library.

In Finder, select your Mac’s internal storage, then select Library followed by the LaunchDaemons folder. Select com.pplauncher.plist and delete it.

The other file is also found in the Library, under Application Support then pplauncher. Select and delete pplauncher.

At this point, you can kill the process.

Further notes

Apple does operate its own anti-malware protection system in macOS, designed to protect against threats known to the company. While it isn’t currently protecting against this issue, it is highly probable Apple will include changes in a future update to prevent it from working.

Comments (19)

racerhomie3

This most likely shipped with pirated software.

lkrupp

This most likely shipped with pirated software.

In other words, you get what you pay for and in this case what you didn’t pay for.

Mike Wuerthele

This most likely shipped with pirated software.

It seems likely. We’re trying to run it down.

bulk001

This most likely shipped with pirated software.

You do realize that there is lots of software that is available for download for free, right? Maybe you are new to the Internet. [facepalm]

racerhomie3

This most likely shipped with pirated software.

Trusted developers & websites do not ship adware with their software.

How to remove ‘mshelper’ the latest mac malware

Mac users around the web are reporting that new malware affecting macOS is circulating under the name mshelper. The malware apparently causes a Mac’s processor to run near 100%, which could prevent other applications from performing well or, in some cases, at all. Continually running the processor at its maximum capacity also has the effect of draining a Macbook’s battery more rapidly which will have an adverse effect on its overall health.

If you’re experiencing these problems and think it might be due to the mshelper malware, know that you can remove it from your system. Here’s what you need to do.

How to check your Mac for mshelper

To see if mshelper is running on your Mac, you’re going to need to open up Activity Monitor.

  • Open Activity Monitor from your Dock or Utilities folder.
  • Click CPU if it isn’t already clicked.
  • Scroll through the list until you find mshelper. When sorting by processor usage percentage, it should be near the top.

The process automatically starts up again if you kill it, so there’s really no need to kill it until you remove mshelper from your system.

How to remove mshelper

These steps involve going into your Mac’s Library folder.

  • Open a new Finder window.
  • Click on your Mac’s internal storage.
  • Open the LaunchDaemons folder.
  • Click Application Support.
  • Right-click, Control-click, or two-finger-click (when using a trackpad) on the pplauncher folder.
  • Click Move to Trash from the menu that appears.

Questions?

    If you have any questions about removing mshelper from your Mac, be sure to let us know in the comments.

    If your Mac seems to be running with a significantly reduced battery life for no reason or the fan seems to be in overdrive, it might be advisable to check for a certain malware that is currently making the rounds.

    According to a new report from 9to5Mac, people have been describing a certain process called “mshelper” using a lot of CPU usage for no apparent reason. Not much is known about the malware so far, but according to the report, it is likely to be either some form of adware or cryptocurrency miner.

    There is currently no evidence that “mshelper” is a virus, so a likely explanation for its spread is an incognito download alongside the download of another application. It’s not a zero-day exploit either, since the malware is not exploiting a new vulnerability.

    To check for mshelper, launch Activity Monitor and then click on the CPU tab to sort by highest CPU usage. If mshelper is on your Mac, it should show up near the top of the list.

    If it is present, simply killing the process doesn’t fix things, as it will restart itself. But you can remove it from your system by deleting the following two files:

    1. /Library/LaunchDaemons/com.pplauncher.plist
    2. /Library/Application Support/pplauncher/pplauncher

    The Reddit and Apple Support threads mention a utility called “EtreCheck” that is said to be able to find the malware, even when other apps can’t. We can’t vouch for its accuracy, so run that one at your own risk.

    Until Apple adds the malware to their macOS blacklist to disable it, the above should solve it short term.
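The checks described above, as an added Python example that is not from any of the quoted articles: it looks for the three file paths and two process names mentioned on this page, and reads the launch daemon plist to show which program it starts and whether launchd is told to restart it. The `SAMPLE_JOB` plist contents, the `demo()` file tree and all function names are constructed for illustration.

```python
import plistlib
import subprocess
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# File paths quoted on this page, listed in the removal order one commenter
# recommends: the launcher, then the miner it drops, then the launch daemon.
ARTIFACTS = [
    ("launcher", "Library/Application Support/pplauncher/pplauncher"),
    ("miner", "tmp/mshelper/mshelper"),
    ("launch daemon", "Library/LaunchDaemons/com.pplauncher.plist"),
]
WATCHED_PROCESSES = ("pplauncher", "mshelper")

# Constructed sample job, NOT the contents of the real plist (the page does
# not show them). The keys are standard launchd.plist keys.
SAMPLE_JOB = {
    "Label": "com.pplauncher",
    "ProgramArguments": ["/Library/Application Support/pplauncher/pplauncher"],
    "RunAtLoad": True,
    "KeepAlive": True,
}


def find_artifacts(root="/"):
    """Return (role, path) for every known artifact present under root."""
    base = Path(root)
    return [(role, str(base / rel)) for role, rel in ARTIFACTS
            if (base / rel).exists()]


def describe_launch_daemon(plist_path):
    """Report what a launchd job runs and whether launchd will restart it."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)  # handles XML and binary plists
    except (OSError, ExpatError, plistlib.InvalidFileException) as exc:
        return {"error": f"unreadable plist: {exc}"}
    if not isinstance(job, dict):
        return {"error": "plist root is not a dictionary"}
    args = job.get("ProgramArguments") or [None]
    return {
        "label": job.get("Label"),
        "program": job.get("Program") or args[0],
        "run_at_load": bool(job.get("RunAtLoad", False)),
        # KeepAlive is a boolean or a dict of conditions; either form means
        # launchd may start the program again after it is killed.
        "respawns": bool(job.get("KeepAlive", False)),
    }


def running_processes(ps_output=None):
    """Return watched process names found in `ps -A -o comm=` output."""
    if ps_output is None:
        ps_output = subprocess.run(["ps", "-A", "-o", "comm="],
                                   capture_output=True, text=True).stdout
    # macOS prints the full executable path, so compare on the last component.
    names = {Path(line.strip()).name for line in ps_output.splitlines()}
    return sorted(names.intersection(WATCHED_PROCESSES))


def audit(root="/", ps_output=None):
    """Read-only check of files and processes; deletes nothing."""
    files = find_artifacts(root)
    daemon = next((describe_launch_daemon(path) for role, path in files
                   if role == "launch daemon"), None)
    procs = running_processes(ps_output)
    return {"files": files, "processes": procs, "daemon": daemon,
            "infected": bool(files or procs)}


def demo():
    """Run the audit against a constructed fake file tree and process list."""
    with tempfile.TemporaryDirectory() as tmp:
        for _, rel in ARTIFACTS:
            target = Path(tmp) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(b"")
        with open(Path(tmp) / ARTIFACTS[2][1], "wb") as fh:
            plistlib.dump(SAMPLE_JOB, fh)
        fake_ps = "/usr/sbin/syslogd\n/tmp/mshelper/mshelper\n"  # constructed
        return audit(tmp, fake_ps)


if __name__ == "__main__":
    result = audit()  # on a Mac: inspects the real / and the live process list
    for role, path in result["files"]:
        print(f"FOUND {role}: {path}")
    for name in result["processes"]:
        print(f"RUNNING: {name}")
    if result["daemon"]:
        print(f"launch daemon details: {result['daemon']}")
    print("artifacts present" if result["infected"]
          else "no mshelper/pplauncher artifacts found")
```

A launch daemon whose job reports `respawns` or `run_at_load` is the general mechanism by which a killed process comes back, which matches the restart behaviour the articles describe.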

    Have you known people (or are you the person) that proudly say that Macs are free of malware and can’t be infected by viruses? Well, you, or those people, need to reassess this statement, because Macs are not safe from havocs, as highlighted through the recent penetration of the “mshelper” malware which has been making rounds for a while now.

    A while ago, some owners of Mac computers began to wonder why their device’s battery life is almost non-existent and why the internal fans of the machine are running at full speed even though there are no processes or apps running on a level that would require the CPU to consume a lot of energy.

    If any of these things have happened to you, then it is the right time that we educate you on the mshelper malware that has been identified on Mac computers. The malware drains the CPU of its energy by consuming a lot of Mac’s resources.

    At the moment, there is no evidence to suggest that mshelper is a virus or that it is causing major harm to the Mac itself. Our best guess is that it is some type of cryptocurrency miner or adware that’s infecting machines around the world and leveraging the power of the computing devices to mine currencies for its creators.

    Also, there are no details on how it gets on the mac, so users should be very careful with general installations as well as when they’re installing software from third-party sources that they haven’t downloaded from in the past.

    How to Find and Delete Mshelper Malware from your Mac

    If you have a Mac, you might be curious about it. Here’s how to determine whether your machine is infected with the virus or not.

    1. On your Mac, launch the “Activity Monitor” application.
    2. Click the “CPU” tab inside the app so that the processes are sorted with the ones consuming the most resources at the top. If there’s a process called mshelper at the very top, your machine is infected.

    If you find mshelper there, know that it can’t be killed off because it will restart its process again. To remove it, the following two files should be deleted at the mentioned paths:

    Deleting these files will likely help you get rid of mshelper. We also believe Apple is aware of the issue and it will be added to the macOS blacklist pretty soon. Until then, you know what to do to get rid of it.

    “New Mac cryptominer malware, dubbed ‘mshelper,’ is in the news, with many affected customers flocking to Reddit and Apple Support Communities to gain more information and learn how to remove malicious code from an infected system,” Christian Zibreg reports for iDownloadBlog.

    “Cryptojacking is designed to mine cryptocurrency on your computer without your knowledge, which can often push your Mac’s CPU to overwork itself and hog other resources,” Zibreg reports. “The payload appears to be delivered via modified downloads such as the Adobe Flash installer.”

    “Until Apple adds ‘mshelper’ to macOS’s Quarantine blacklist, you will need to manually detect and remove this malware from your system,” Zibreg reports. “As noted by MalwareBytes, even though this particular malware won’t steal or delete your data, it will make using your computer a pain. Due to high CPU usage, the computer will become unresponsive, run slowly and may crawl to a halt. Because the CPU is fully utilized, your Mac notebook’s fan may kick into overdrive as well. If your Mac is getting a little warmer and louder for no apparent reason, it may be infected with ‘mshelper.’ Here’s how to check if ‘mshelper’ has infected your system and how to remove it.”

    Read more in the full article here.

    MacDailyNews Take: if you’ve got “mshelper,” nuke it. It’s not helping anybody except the criminals stealing your CPU cycles.

    12 Comments

    ironically, when I checked my CPU load, “MacDailyNews.com” was taking up 50% of my CPU. Now it’s hovering at 56%.

    nice job, asshats.

    17% to 31%, asshat, on Safari, due mostly to the ad load, which most likely comes from Google Ads.

    Oh no. There’s a lot more advertising at MDN than mere Google. Right now, uBlock Origin is listing 205 (Two Hundred and Five) pieces of off-site, ahem, stuff. The non-Google advertising sources include:

    addthis.com
    amazon-adsystem.com
    buysellads.com
    deployads.com
    earnify.com
    pagefair.com
    pagefair.net
    taboola.com
    teads.tv
    tradingview.com
    zergnet.com

    (If any of the above are not actually serving ads, my apologies).

    Uh, um, make that now 274 pieces of off-site stuff. It keeps growing as I watch. And, it’s now leveled off.

    274 is a record, in my experience. No wonder people use… [you know what I mean].

    Oh sorry. Now that I’ve posted again, the count is up to 337 pieces of stuff attempting to load on this page. I took a screenshot for posterity and public talks I give about Internet technology. People aren’t going to believe this.

    “pplauncher”……wasn’t that an R.Kelly tune??

    Can’t launch the full article – I wonder if idownloadblog.com has been hit by cryptocurrency hackers because of the article…

    Just tried bringing it up in Firefox – worked fine. A Safari problem…

    Note that when you follow the link to iDownload Blog- it asks for your location.
    With Ghostery on the content will not even load.

    (0_o) Again, this is incomplete information. Playing at being a computer security expert is a bad idea. The case of mshelper points out that it takes time, study and experience to be helpful in the field, as opposed to being a detriment. *cough*cough*

    At least the iDB article cites and takes a lesson from the first and so far only decent article published about mshelper so far, by Thomas Reed @Malwarebytes:

    New Mac cryptominer uses XMRig
    [Wordpress freaks every time I post the URL for this article. Sorry I can’t post it. But you’ll find it at the Malwarebytes Blog.]

    NOTE: The actual malware vector is NOT mshelper. That’s just a secondary infection created by the source malware called pplauncher. If you don’t kill pplauncher, you’re going to be RE-infected with mshelper or something else by way of pplauncher.

    Here’s a COMPLETE list of malware crud to remove before you RESTART your Mac, in order of priority:

    1) /Library/Application Support/pplauncher/pplauncher
    – This is the source culprit that was initially infected into your Mac. The vector used for this infection is still under investigation. Check back next week for more.

    2) /tmp/mshelper/mshelper
    – This is the secondary infection instigated by pplauncher. As far as we know, pplauncher may have moved on to infect Macs with some other malware by now. Therefore, again: Nail pplauncher first, then restart your Mac. Please note that, despite 9to5 Mac having amended their initial wrong instructions, they STILL at this time have screwed up by leaving out THIS STEP. Very naughty. This step is crucial. Shame on them.

    3) /Library/LaunchDaemons/com.pplauncher.plist
    – After you’ve killed pplauncher and restarted your Mac, this plist file is inert. Throw it in the trash as leftover rubbish.

    As Thomas Reed points out, ‘mshelper’ is actually an old and legitimate crypto mining program called XMRig miner. In and of itself, it’s NOT malware. However, as a secondary infection, it’s the payload dropped by the pplauncher malware.

    IOW: The actual malware is pplauncher. Malwarebytes recognizes it as OSX.ppminer.

    Using the published malware naming standard, it is known as OSX.Trojan.ppminer.A.

    For those who’d, rightfully, like to have the URL to Thomas Reed’s article “New Mac cryptominer uses XMRig”, see if you can piece together the URL from these inoffensive fragments, created to workaround whatever-the-f is wrong with WordPress:

    h
    t
    t
    p
    s
    (slash)
    (slash)
    blog(dot)malwarebytes(dot)com
    (slash)
    threat-analysis
    (slash)
    mac-threat-analysis
    (slash)
    2018
    (slash)
    05
    (slash)
    new-mac-cryptominer-uses-xmrig
    (slash)

    The frontmost MacDailyNews page in Safari takes between 25 and 45% of my CPU time.
    Is MDN mining cryptocurrencies (or worse)?

    “If your Mac seems to be running at high fan rates or you’re seeing reduced battery-life for no apparent reason, you may want to check for some Mac malware that seems to be going around,” Ben Lovejoy writes for 9to5Mac.

    “A couple of support threads have described people finding a process called mshelper using a lot of CPU usage,” Lovejoy writes. “From the little that’s known about it so far, it seems this is either adware or a cryptocurrency miner.”

    “Despite the heading in the Reddit thread, there’s no evidence that it’s a virus,” Lovejoy writes, “so the most likely explanation for its spread is a sketchy download which installs it alongside some other app.”

    How to check for – and remove – the Mac malware mshelper here.

    MacDailyNews Take: Let us know if you find it on your Mac(s)!

    14 Comments

    great article, i will check my macbook pro during this weekend for this pest adware

    Please tell us when you comb your hair and have breakfast on Saturday too.

    Made you a song called Snoop Dogue, check it out at the end of this thread

    Given the name of this adware is MShelper, I wonder if this is a Micro$hit pest adware or the virus maker having a sense of humor at Micro$hit’s expense. I am very certain my MacBook does not have this as it’s running smoothly, but a check will be prudent, and if I do find it I will delete the 2 files.

    Most likely the source is not Microsoft. Quite a lot of Mac users have Microsoft software on their computers, so something named “mshelper” looks like it belongs there.

    I doubt anyone is going to write malware and name the process “haha-gotcha.”

    Hey Snoop, it stands for Mutant Snoop Helper. I made this pestware in honor of you.

    What’s with the “Virus” infecting Mac Daily News? Every time I go in this site with Java enabled I get a steady stream of downloads and a warning that my Mac is infected. I have to kill Safari, reopen it and turn off Java before I come back.

    Yeah just delete Java. MDN does this as a community IQ test, and buddy, you’re failing it time and again

    This is odd reporting, particularly for this day and age. Not knowing where this apparent Trojan horse comes from or what it does is irresponsible and unprofessional. The anti-malware community has enough problems adhering to scientific methods without foisting abstract articles about mystery malware to rile up the masses.

    IOW: Have fun digging into your Library folder. But A LOT more needs to be known about this mystery malware before triggering a worry stampede. If this thing is legit, let’s get some real data about the thing reported to the public. What a mess this would have been if “mshelper” had been a legitimate set of application files.

    ‘No Billy. That’s not a “wolf”. It’s the neighbor’s dog.’

    A test of a WordPress bug.

    Thank you to my long time colleague Thomas Reed @Malwarebytes for beginning to clear the fog and wrong information about this malware!

    We now know what it does. It’s cryptocurrency mining software. The previous instructions for removing it were incomplete and did not remove the core malware. In the future, I hope 9to5 Mac consult with computer security professionals before they post incomplete information. Thankfully, 9to5 Mac has amended their original post and provided the actually useful information provided at the Malwarebytes blog. I have not posted the link to the article because WordPress is in a mood and won’t let me. (0_o)

    The blog article by Thomas Reed at the Malwarebytes is entitled “New Mac cryptominer uses XMRig”. Do a web search with that title and you’ll find it.

    What you must remove are the following files, then restart your Mac:

    The further three installed malware files can be removed after your restart. They’re inert without the above two executables.

    Meanwhile, we still don’t know the infection vector. Check back next week.

    I checked my Mac and found the pest ware

    snoopdoguehelpaa.ai on my Mac chewing up 42.0% of CPU. It was smokin’…

    Snoop a pose
    Piss on rose
    (Dogue, dogue, dogue)
    (Dogue, dogue, dogue)
    Look around, everywhere you turn is snoop’s poop ache
    It’s everywhere that you go (look around)
    You try everything you can to escape
    The pain of life that you know (life that you know)
    When all else fails and you long to be
    Something better than you are today
    I know a place where you can get away
    It’s called Mac Daily News, and here’s what it’s for, so
    Snoop on, dogue
    Let your nose yeah sniff to the music (sniff to the music)
    Hey, hey, hey
    Snoop on, Dogue
    Let your body nose go with the flow (nose with the flow)
    You know you can snoop it
    All you need is your own imagination
    So use it that’s what it’s for (that’s what it’s for)
    Go inside, for your finest inspiration
    Your snoop will open the door (open up the door)
    It makes no difference if you’re black or white (or a dogue)
    If you’re a boy dogue or a girl
    If the music’s pumping it will give you new life
    You’re a superstar, yes, that’s what you are, you know it
    Snoop on, Dogue
    Let your dog nose sniff to the music (sniff to the music)
    Hey, hey, hey
    Snoop on, dogue
    Let your body nose with the flow (nose with the flow)
    You know you can do it
    Backyard’s where you find it
    Not just where you bump and dig it
    Bones in the backyard, oh
    That’s where I feel so beautiful
    Magical, life’s a tennis ball
    So get up on and run around the park
    Snoop on, dogue
    Let your body run find the ball (run find the ball)
    Hey, hey, hey
    Snoop on, Dogue
