How to check for – and remove – the Mac malware mshelper

“If your Mac seems to be running at high fan rates or you’re seeing reduced battery-life for no apparent reason, you may want to check for some Mac malware that seems to be going around,” Ben Lovejoy writes for 9to5Mac.

“A couple of support threads have described people finding a process called mshelper using a lot of CPU usage,” Lovejoy writes. “From the little that’s known about it so far, it seems this is either adware or a cryptocurrency miner.”

“Despite the heading in the Reddit thread, there’s no evidence that it’s a virus,” Lovejoy writes, “so the most likely explanation for its spread is a sketchy download which installs it alongside some other app.”

How to check for – and remove – the Mac malware mshelper here.

MacDailyNews Take: Let us know if you find it on your Mac(s)!

14 Comments

  1. Given the name of this adware is MShelper, I wonder if this is a Micro$hit pest adware or the virus maker having a sense of humor at Micro$hit's expense. I am very certain my MacBook does not have this as it's running smoothly, but a check will be prudent, and if I do find it I will delete the 2 files.

    1. Most likely the source is not Microsoft. Quite a lot of Mac users have Microsoft software on their computers, so something named “mshelper” looks like it belongs there.

      I doubt anyone is going to write malware and name the process “haha-gotcha.”

  2. What's with the “Virus” infecting Mac Daily News? Every time I go in this site with Java enabled I get a steady stream of downloads and a warning that my Mac is infected. I have to kill Safari, reopen it and turn off Java before I come back.

  3. This is odd reporting, particularly for this day and age. Not knowing where this apparent Trojan horse comes from or what it does is irresponsible and unprofessional. The anti-malware community has enough problems adhering to scientific methods without foisting abstract articles about mystery malware to rile up the masses.

    IOW: Have fun digging into your Library folder. But A LOT more needs to be known about this mystery malware before triggering a worry stampede. If this thing is legit, let’s get some real data about the thing reported to the public. What a mess this would have been if “mshelper” had been a legitimate set of application files.

    ‘No Billy. That’s not a “wolf”. It’s the neighbor’s dog.’

    1. Thank you to my long time colleague Thomas Reed @Malwarebytes for beginning to clear the fog and wrong information about this malware!

      We now know what it does. It’s cryptocurrency mining software. The previous instructions for removing it were incomplete and did not remove the core malware. In the future, I hope 9to5 Mac consult with computer security professionals before they post incomplete information. Thankfully, 9to5 Mac has amended their original post and provided the actually useful information provided at the Malwarebytes blog. I have not posted the link to the article because WordPress is in a mood and won’t let me. (0_o)

      The blog article by Thomas Reed at Malwarebytes is entitled “New Mac cryptominer uses XMRig”. Do a web search with that title and you’ll find it.

      What you must remove are the following files, then restart your Mac:

      ~/Library/Application Support/pplauncher/pplauncher

      /tmp/mshelper/mshelper

      The further three installed malware files can be removed after your restart. They’re inert without the above two executables.

      Meanwhile, we still don’t know the infection vector. Check back next week.
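
A read-only check for the two executables named in the comment above, added here as an example; it is not part of the original thread or of the Malwarebytes write-up. The function names and the optional root-directory arguments (useful for scanning a mounted backup) are assumptions of this example.

```shell
#!/bin/sh
# Added example: looks only for the two paths and process names given in the
# comment above. It deletes nothing; removal stays a manual, reviewed step.

# Print each of the two known paths that exists.
# $1 = home directory to inspect (default: $HOME), $2 = tmp root (default: /tmp)
# Returns 0 if at least one path was found, 1 if none.
find_mshelper_files() {
    home_dir=${1:-$HOME}
    tmp_dir=${2:-/tmp}
    found=1
    for path in \
        "$home_dir/Library/Application Support/pplauncher/pplauncher" \
        "$tmp_dir/mshelper/mshelper"
    do
        # -e follows symlinks; -L also catches a dangling symlink
        if [ -e "$path" ] || [ -L "$path" ]; then
            printf '%s\n' "$path"
            found=0
        fi
    done
    return "$found"
}

# Print "PID name" for running processes named exactly mshelper or pplauncher.
# Returns 0 if any is running, 1 if none, 2 if pgrep is not available.
find_mshelper_procs() {
    command -v pgrep >/dev/null 2>&1 || return 2
    status=1
    for name in mshelper pplauncher; do
        for pid in $(pgrep -x "$name" 2>/dev/null); do
            printf '%s %s\n' "$pid" "$name"
            status=0
        done
    done
    return "$status"
}

# Scan the live system only when asked to: sh check.sh --scan
if [ "${1:-}" = "--scan" ]; then
    echo "Files:"
    find_mshelper_files || echo "  neither path present"
    echo "Processes:"
    find_mshelper_procs || echo "  no matching process (or pgrep unavailable)"
fi
```

A clean result only means these two files and process names are absent; the comment mentions three further files that it does not name, so this check does not cover them.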

  4. Snoop a pose
    Piss on rose
    (Dogue, dogue, dogue)
    (Dogue, dogue, dogue)
    Look around, everywhere you turn is snoop’s poop ache
    It’s everywhere that you go (look around)
    You try everything you can to escape
    The pain of life that you know (life that you know)
    When all else fails and you long to be
    Something better than you are today
    I know a place where you can get away
    It’s called Mac Daily News, and here’s what it’s for, so
    Snoop on, dogue
    Let your nose yeah sniff to the music (sniff to the music)
    Hey, hey, hey
    Snoop on, Dogue
    Let your body nose go with the flow (nose with the flow)
    You know you can snoop it
    All you need is your own imagination
    So use it that’s what it’s for (that’s what it’s for)
    Go inside, for your finest inspiration
    Your snoop will open the door (open up the door)
    It makes no difference if you’re black or white (or a dogue)
    If you’re a boy dogue or a girl
    If the music’s pumping it will give you new life
    You’re a superstar, yes, that’s what you are, you know it
    Snoop on, Dogue
    Let your dog nose sniff to the music (sniff to the music)
    Hey, hey, hey
    Snoop on, dogue
    Let your body nose with the flow (nose with the flow)
    You know you can do it
    Backyard’s where you find it
    Not just where you bump and dig it
    Bones in the backyard, oh
    That’s where I feel so beautiful
    Magical, life’s a tennis ball
    So get up on and run around the park
    Snoop on, dogue
    Let your body run find the ball (run find the ball)
    Hey, hey, hey
    Snoop on, Dogue
