XMRig used in new macOS cryptominer

Posted by   Martijn Grooten on   May 23, 2018

Users complaining on Apple's official discussion forum about processes that use a lot of CPU have led to the discovery of a new piece of cryptocurrency-mining malware on macOS that is based on XMRig, Malwarebytes researcher Thomas Reed writes.

The open-source XMRig Monero miner is widely used for both benign and malicious purposes. It has been ported to Linux, so its discovery in macOS malware is hardly surprising and fits a general trend that sees malicious actors switching to generating themselves a small, but reliable stream of income through mining cryptocurrencies (most commonly Monero) using other people's resources.

monero-mining.jpg

This malware isn't particularly advanced, Reed writes, and can easily be removed. As threats go, malicious cryptominers pale in comparison to more damaging threats such as ransomware, yet users are rightly concerned about the high CPU usage and the heat and noise that result from it – security software should, and often does, remove it.

At VB2018 in Montreal, Thomas Reed will present a paper about a more advanced threat facing macOS: a way for malware to hijack legitimate applications and use this as a means to bypass the verification of code signatures. On the subject of cryptominers, his Malwarebytes colleague Jérôme Segura will discuss the prevalent threat of 'drive-by mining'.

VB2018 takes place 3-5 October in Montreal, QC, Canada. Register now to book your place and join security researchers from around the world. Receive a 10% Early Bird discount by booking before 1 July 2018.

VB2018-withdate-325w.jpg

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VB2019 paper: Fantastic Information and Where to Find it: A guidebook to open-source OT reconnaissance

A VB2019 paper by FireEye researcher Daniel Kapellmann Zafra explained how open source intelligence (OSINT) can be used to learn crucial details of the inner workings of many a system. Today we publish Daniel's paper and the recording of his…

VB2019 paper: Different ways to cook a crab: GandCrab Ransomware-as-a-Service (RaaS) analysed in depth

Though active for not much longer than a year, GandCrab had been one of the most successful ransomware operations. In a paper presented at VB2019 in London, McAfee researchers John Fokker and Alexandre Mundo looked at the malware code, its evolution…

VB2019 paper: Domestic Kitten: an Iranian surveillance program

At VB2019 in London, Check Point researchers Aseel Kayal and Lotem Finkelstein presented a paper detailing an Iranian operation they named 'Domestic Kitten' that used Android apps for targeted surveillance. Today we publish their paper and the video…

VB2019 video: Discretion in APT: recent APT attack on crypto exchange employees

At VB2019 in London, LINE's HeungSoo Kang explained how cryptocurrency exchanges had been attacked using Firefox zero-days. Today, we publish the video of his presentation.

VB2019 paper: DNS on fire

In a paper presented at VB2019, Cisco Talos researchers Warren Mercer and Paul Rascagneres looked at two recent attacks against DNS infrastructure: DNSpionage and Sea Turtle. Today we publish their paper and the recording of their presentation.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.