{"id":4647,"date":"2018-06-08T19:00:07","date_gmt":"2018-06-08T13:30:07","guid":{"rendered":"https:\/\/antivirus.comodo.com\/blog\/?p=4647"},"modified":"2025-07-07T16:03:25","modified_gmt":"2025-07-07T10:33:25","slug":"monreo-malware-attacking-mac-devices","status":"publish","type":"post","link":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/","title":{"rendered":"Monreo Malware Attacking Mac Devices"},"content":{"rendered":"
\n\"Monreo<\/p>\n<\/div>\n

In the last week of May, researchers announced of a new Mac-based cryptojacking attacking the Apple\u2019s forums. The malware deceived users to unintentionally run software that mines privacy coin monreo which is the most preferred cryptocurrency for hackers.<\/p>\n

The mysterious attack came to light when a user accidentally discovered that a process called \u201cmshelper\u201d was consuming large amounts of central processing unit (CPU) power, and in the process was overheating the cooling fans. The user also reported that mshelper was continually appearing in the CPU section and the threat report<\/a> generated by Activity Monitor indicated that the appearing occurred at unusual levels.<\/p>\n

A further drill down into the issue showcased other suspicious processes were installed as well. As a result, many other Mac users started investigating on their devices and found it to be infected too.<\/p>\n

The further drill down into the issue revealed three main components of the malware, the dropper, launcher, and the miner.<\/p>\n

#Dropper<\/strong> \u2013 The program which downloads the malware.Here the program was downloaded as it arrived in the form of an Adobe Flashplayer install file.<\/p>\n

#Launcher<\/strong> \u2013 Its function is to install and launch the malware. The launcher file called \u2018pplauncher\u2019 was kept active by a launch daemon.<\/p>\n

#Miner<\/strong> – As mentioned above the miner is \u201cmshelper\u201d which is based on XMRig, an open source monero miner. This is an open source which i is readily available for install on Macs. (https:\/\/carnegiecenterlex.org\/<\/a>) <\/p>\n

The malware is vexatious, is not complex, and can be quickly eliminated. In the recent years, there is an increasing number of Mac cryptominer attacks. Optimistically, many users assume that the trend is common in the Windows PCs alone, however, Mac crypto mining malware attacks are steadily increasing in the recent times.<\/p>\n

To better address these issues, you need a robust malware removal<\/a> program that offers all-around protection. Comodo Antivirus for Mac<\/a> is such a solution which can quickly identify and eliminate malicious software without modifying end-user experience. Comodo Antivirus for Mac enables only known good files to run on a device with unlimited access, enabling users to run anything on their computer without fear of infection. Try Comodo Antivirus<\/a> today!<\/p>\n

If you think your Mac is infected with this malware, Comodo Antivirus for Mac will remove it. Visit our official page to download!<\/p>\n

\"comodo<\/a><\/p>\n

\"comodo<\/a><\/p>\n

Related Resources:<\/strong><\/p>\n

Antivirus for iPhone<\/a>
\nBest Antivirus for Mac<\/a>
\nwindows antivirus<\/a>
\nWebsite Malware Scanner<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

In the last week of May, researchers announced of a new Mac-based cryptojacking attacking the Apple\u2019s forums. The malware deceived users to unintentionally run software that mines privacy coin monreo which is the most preferred cryptocurrency for hackers. The mysterious attack came to light when a user accidentally discovered that a process called \u201cmshelper\u201d was […]<\/p>\n","protected":false},"author":5,"featured_media":521,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[190,26],"class_list":["post-4647","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-comodo-news","tag-cryptojacking","tag-malware"],"yoast_head":"\nMonreo Cryptojacking Malware Attacks Mac Devices | Comodo<\/title>\n<meta name=\"description\" content=\"Monreo Cryptojacking malware attacks happened on Mac Devices which deceived users to unintentionally run software that mines privacy coin monreo.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Monreo Cryptojacking Malware Attacks Mac Devices | Comodo\" \/>\n<meta property=\"og:description\" content=\"Monreo Cryptojacking malware attacks happened on Mac Devices which deceived users to unintentionally run software that mines privacy coin monreo.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/\" \/>\n<meta property=\"og:site_name\" content=\"Comodo Antivirus Blogs | Anti-Virus Software Updates\" \/>\n<meta property=\"article:published_time\" content=\"2018-06-08T13:30:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-07T10:33:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/catching-malware-Copy.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"225\" \/>\n\t<meta property=\"og:image:height\" content=\"170\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"seo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"seo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/\",\"name\":\"Monreo Cryptojacking Malware Attacks Mac Devices | Comodo\",\"isPartOf\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/catching-malware-Copy.jpg\",\"datePublished\":\"2018-06-08T13:30:07+00:00\",\"dateModified\":\"2025-07-07T10:33:25+00:00\",\"author\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462\"},\"description\":\"Monreo Cryptojacking malware attacks happened on Mac Devices which deceived users to unintentionally run software that mines privacy coin monreo.\",\"breadcrumb\":{\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/#primaryimage\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/catching-malware-Copy.jpg\",\"contentUrl\":\"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/catching-malware-Copy.jpg\",\"width\":225,\"height\":170,\"caption\":\"What is Malware\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/antivirus.comodo.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Monreo Malware Attacking Mac Devices\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#website\",\"url\":\"https:\/\/antivirus.comodo.com\/blog\/\",\"name\":\"Comodo Antivirus Blogs | Anti-Virus Software Updates\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/antivirus.comodo.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462\",\"name\":\"seo\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g\",\"caption\":\"seo\"},\"url\":\"https:\/\/antivirus.comodo.com\/blog\/author\/seo\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Monreo Cryptojacking Malware Attacks Mac Devices | Comodo","description":"Monreo Cryptojacking malware attacks happened on Mac Devices which deceived users to unintentionally run software that mines privacy coin monreo.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/","og_locale":"en_US","og_type":"article","og_title":"Monreo Cryptojacking Malware Attacks Mac Devices | Comodo","og_description":"Monreo Cryptojacking malware attacks happened on Mac Devices which deceived users to unintentionally run software that mines privacy coin monreo.","og_url":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/","og_site_name":"Comodo Antivirus Blogs | Anti-Virus Software Updates","article_published_time":"2018-06-08T13:30:07+00:00","article_modified_time":"2025-07-07T10:33:25+00:00","og_image":[{"width":225,"height":170,"url":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/catching-malware-Copy.jpg","type":"image\/jpeg"}],"author":"seo","twitter_card":"summary_large_image","twitter_misc":{"Written by":"seo","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/","url":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/","name":"Monreo Cryptojacking Malware Attacks Mac Devices | Comodo","isPartOf":{"@id":"https:\/\/antivirus.comodo.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/#primaryimage"},"image":{"@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/#primaryimage"},"thumbnailUrl":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/catching-malware-Copy.jpg","datePublished":"2018-06-08T13:30:07+00:00","dateModified":"2025-07-07T10:33:25+00:00","author":{"@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462"},"description":"Monreo Cryptojacking malware attacks happened on Mac Devices which deceived users to unintentionally run software that mines privacy coin monreo.","breadcrumb":{"@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/#primaryimage","url":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/catching-malware-Copy.jpg","contentUrl":"https:\/\/antivirus.comodo.com\/blog\/wp-content\/uploads\/catching-malware-Copy.jpg","width":225,"height":170,"caption":"What is Malware"},{"@type":"BreadcrumbList","@id":"https:\/\/antivirus.comodo.com\/blog\/comodo-news\/monreo-malware-attacking-mac-devices\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/antivirus.comodo.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Monreo Malware Attacking Mac Devices"}]},{"@type":"WebSite","@id":"https:\/\/antivirus.comodo.com\/blog\/#website","url":"https:\/\/antivirus.comodo.com\/blog\/","name":"Comodo Antivirus Blogs | Anti-Virus Software Updates","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/antivirus.comodo.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/e534eccce9a7e6ced088443c73329462","name":"seo","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/antivirus.comodo.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3b7714e98dafc3a3b391832c0f5e2b406856b62c8e81ad94382c197cdb380790?s=96&d=mm&r=g","caption":"seo"},"url":"https:\/\/antivirus.comodo.com\/blog\/author\/seo\/"}]}},"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/4647","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/comments?post=4647"}],"version-history":[{"count":21,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/4647\/revisions"}],"predecessor-version":[{"id":22261,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/posts\/4647\/revisions\/22261"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media\/521"}],"wp:attachment":[{"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/media?parent=4647"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/categories?post=4647"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/antivirus.comodo.com\/blog\/wp-json\/wp\/v2\/tags?post=4647"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}