Posted by Martijn Grooten on May 23, 2018
Users complaining on Apple's official discussion forum about processes that use a lot of CPU have led to the discovery of a new piece of cryptocurrency-mining malware on macOS that is based on XMRig, Malwarebytes researcher Thomas Reed writes.
The open-source XMRig Monero miner is widely used for both benign and malicious purposes. It has been ported to Linux, so its discovery in macOS malware is hardly surprising and fits a general trend that sees malicious actors switching to generating themselves a small, but reliable stream of income through mining cryptocurrencies (most commonly Monero) using other people's resources.
This malware isn't particularly advanced, Reed writes, and can easily be removed. As threats go, malicious cryptominers pale in comparison to more damaging threats such as ransomware, yet users are rightly concerned about the high CPU usage and the heat and noise that result from it – security software should, and often does, remove it.
At VB2018 in Montreal, Thomas Reed will present a paper about a more advanced threat facing macOS: a way for malware to hijack legitimate applications and use this as a means to bypass the verification of code signatures. On the subject of cryptominers, his Malwarebytes colleague Jérôme Segura will discuss the prevalent threat of 'drive-by mining'.
VB2018 takes place 3-5 October in Montreal, QC, Canada. Register now to book your place and join security researchers from around the world. Receive a 10% Early Bird discount by booking before 1 July 2018.