XMRig used in new macOS cryptominer

Posted by   Martijn Grooten on   May 23, 2018

Users complaining on Apple's official discussion forum about processes that use a lot of CPU have led to the discovery of a new piece of cryptocurrency-mining malware on macOS that is based on XMRig, Malwarebytes researcher Thomas Reed writes.

The open-source XMRig Monero miner is widely used for both benign and malicious purposes. It has been ported to Linux, so its discovery in macOS malware is hardly surprising and fits a general trend that sees malicious actors switching to generating themselves a small, but reliable stream of income through mining cryptocurrencies (most commonly Monero) using other people's resources.

monero-mining.jpg

This malware isn't particularly advanced, Reed writes, and can easily be removed. As threats go, malicious cryptominers pale in comparison to more damaging threats such as ransomware, yet users are rightly concerned about the high CPU usage and the heat and noise that result from it – security software should, and often does, remove it.

At VB2018 in Montreal, Thomas Reed will present a paper about a more advanced threat facing macOS: a way for malware to hijack legitimate applications and use this as a means to bypass the verification of code signatures. On the subject of cryptominers, his Malwarebytes colleague Jérôme Segura will discuss the prevalent threat of 'drive-by mining'.

VB2018 takes place 3-5 October in Montreal, QC, Canada. Register now to book your place and join security researchers from around the world. Receive a 10% Early Bird discount by booking before 1 July 2018.

VB2018-withdate-325w.jpg

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VB2018 paper: Analysing compiled binaries using logic

Constraint programming is a lesser-known technique that is becoming increasingly popular among malware analysts. In a paper presented at VB2018 Thaís Moreira Hamasaki presented an overview of the technique and explained how it can be applied to the…

Virus Bulletin encourages experienced speakers and newcomers alike to submit proposals for VB2019

With a little less than a month before the deadline of the call for papers for VB2019, Virus Bulletin encourages submissions from experienced speakers and newcomers alike.

VB2018 paper: Internet balkanization: why are we raising borders online?

At VB2018 in Montreal, Ixia researcher Stefan Tanase presented a thought-provoking paper on the current state of the Internet and the worrying tendency towards raising borders and restricting the flow of information. Today we publish both his paper…

The malspam security products miss: banking and email phishing, Emotet and Bushaloader

The set-up of the VBSpam test lab gives us a unique insight into the kinds of emails that are more likely to bypass email filters. This week we look at the malspam that was missed: banking and email phishing, Emotet and Bushaloader.

VB2018 paper: Where have all the good hires gone?

The cybersecurity skills gap has been described as one of the biggest challenges facing IT leaders today. At VB2018 in Montreal, ESET's Lysa Myers outlined some of the things the industry can do to help address the problem. Today we publish Lysa's…

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.