The reason mshelper uses so much processing power is that the process is a cryptocurrency miner. It uses your Mac’s horsepower to crunch numbers and mine Monero cryptocurrency for whoever created the malware. Spreading the mining process over hundreds or even thousands of computers increases the malware author’s odds of making money, but going about it the way mshelper does meant the exercise was doomed from the start.

By consuming the maximum amount of processing power, mshelper was, of course, destined to be detected very soon. It doesn’t care if you are using your Mac and need the processing power for other tasks, and it doesn’t lurk in hiding and wait for your Mac to be idle before mining. Instead, it starts mining full blast and doesn’t stop until the victim removes it from their Mac. In testing, at minimum mshelper used 50% of the available processor cores at all times.

A LaunchDaemon is installed that ensures the miner starts after a logout or reboot, and mshelper maintains a connection with xmr-us-east1.nanopool[.]org on TCP port 14444. Connections to other IP addresses and hosts were also observed, one of them being 100.ip-142-44-242[.]net on the same TCP port number.

Should Mac users be concerned about mshelper?

While mshelper is mostly harmless, the biggest concern is how it lands on a system. A fake Adobe Flash Player, an infected installer that came from a BitTorrent website, or even a hijacked legitimate installer that came from the original source are all potential infection vectors. As the infection vector is unknown, one should follow best security practices and have anti-virus and firewall protection installed on their system to stop malware in its tracks.

How to tell if your Mac is infected (and removal instructions)

The biggest giveaway indicating your Mac is infected with mshelper is the sudden increase in fan noise or heat, as the processor is tasked with mining Monero. An impact on CPU performance will also likely be noticeable.
Luckily, mshelper is nothing sophisticated and is fairly easy to get rid of.

First, open Applications > Utilities > Activity Monitor. Click in the search field at the top right side of the window and type in mshelper. If mshelper is running on your system, it will show in the list and can be seen using a decent chunk of processing power. Highlight the mshelper process by clicking on it once, and then click the X button above it to stop the process.
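
The same check can be done from Terminal against the two indicators named above: a process called mshelper and an established connection to TCP port 14444. This script is an added example and is not from the original article; it assumes the default column layouts of `ps` and `lsof`, and the sample lines, addresses and the path `/constructed/path/mshelper` are constructed for illustration.

```shell
#!/bin/sh
# Indicators stated in the article: the process name and the pool's TCP port.
PROC_NAME="mshelper"
POOL_PORT="14444"

# stdin: lines from `ps -axo pid=,pcpu=,comm=`.
# stdout: "PID CPU PATH" for processes whose executable is named exactly mshelper.
find_miner_procs() {
    awk -v name="$PROC_NAME" '{
        path = $3
        for (i = 4; i <= NF; i++) path = path " " $i   # paths may contain spaces
        n = split(path, parts, "/")
        if (parts[n] == name) printf "%s %s %s\n", $1, $2, path
    }'
}

# stdin: lines from `lsof -nP -iTCP -sTCP:ESTABLISHED`.
# stdout: "COMMAND PID REMOTE" for connections whose remote port is 14444.
find_pool_conns() {
    awk -v port="$POOL_PORT" '$NF == "(ESTABLISHED)" {
        if (split($(NF - 1), ends, "->") != 2) next
        m = split(ends[2], r, ":")                     # last piece is the port
        if (r[m] == port) printf "%s %s %s\n", $1, $2, ends[2]
    }'
}

# Constructed sample data (not captured from an infected machine).
sample_ps() {
    cat <<'EOF'
  101   0.3 /usr/sbin/syslogd
  612 398.7 /constructed/path/mshelper
  733   1.2 /Applications/Safari.app/Contents/MacOS/Safari
  801   0.0 /usr/local/bin/mshelper-notes
EOF
}
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mshelper  612 root    9u  IPv4 0x1a2b      0t0  TCP 192.0.2.15:49712->203.0.113.10:14444 (ESTABLISHED)
Safari    733 alice  22u  IPv4 0x3c4d      0t0  TCP 192.0.2.15:49800->198.51.100.7:443 (ESTABLISHED)
EOF
}

# Run against the live system only when asked: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    ps -axo pid=,pcpu=,comm= | find_miner_procs
    lsof -nP -iTCP -sTCP:ESTABLISHED 2>/dev/null | find_pool_conns
fi
```

A port match on its own only shows traffic to port 14444, so read it together with the process name before acting on it.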