macOS: Malware called “mshelper” is burning through CPU cycles, possibly as part of a crypto-mining scheme.

Checking if you have the malware is easy: just open Activity Monitor and search for “mshelper.” Killing the process doesn’t do anything—it just opens again—but users have reported that running EtreCheck, which runs diagnostics and removes malware, gets rid of mshelper quickly. Alternatively, you can manually delete two files:

  • /Library/LaunchDaemons/com.pplauncher.plist
  • /Library/Application Support/pplauncher

Do that, then kill the process, and mshelper should be gone.
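
The same check and cleanup from Terminal, as an added example that is not part of the original article. It follows the order given above (delete the two files, then kill the process); the `ROOT` prefix and the `check`/`remove` arguments are assumptions of this sketch, and removal on a live system needs `sudo`.

```shell
#!/bin/sh
# Added example (not from the article). The paths are the two files the article names.
# ROOT is an assumption of this sketch: leave it empty for the live system, or
# point it at a mounted backup or disk image to inspect it without touching
# any running process.
ROOT="${ROOT:-}"
PLIST="/Library/LaunchDaemons/com.pplauncher.plist"
SUPPORT="/Library/Application Support/pplauncher"

# Print every artifact that exists under ROOT; return 0 if at least one was found.
find_artifacts() {
    found=1
    for p in "$PLIST" "$SUPPORT"; do
        if [ -e "$ROOT$p" ]; then
            printf '%s\n' "$ROOT$p"
            found=0
        fi
    done
    return $found
}

# Delete the two files first, then kill the process, as the article describes.
# Killing mshelper before the files are gone just lets it open again.
remove_mshelper() {
    rm -f "$ROOT$PLIST"
    rm -rf "$ROOT$SUPPORT"
    if [ -z "$ROOT" ]; then
        # Live system only: never signal processes when inspecting an offline copy.
        pkill -x mshelper 2>/dev/null || true
    fi
    return 0
}

# Usage: sh script.sh check    (report only)
#        sudo sh script.sh remove
case "${1:-}" in
    check)
        if find_artifacts; then echo "pplauncher files present"; fi
        if [ -z "$ROOT" ] && pgrep -x mshelper >/dev/null 2>&1; then
            echo "mshelper process is running"
        fi
        ;;
    remove)
        remove_mshelper
        ;;
esac
```

Run `check` again after `remove` to confirm that neither file has come back and that the process is no longer listed.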

The malware was noticed by users on Apple’s forums and on Reddit, but what is it actually doing? That part is not clear. Here’s Malcolm Owen, writing for AppleInsider:

It is unknown what exactly mshelper is doing to utilize the processor at such a high rate, but speculation on the Apple support forum suggests it could be some form of adware, or possibly a program used for mining cryptocurrency on a victim’s computer. Aside from using the processor, there also doesn’t seem to be any other issues it causes on affected desktops.

Whatever the application is up to, you don’t want it. Remove it as soon as you notice it.

Justin Pot
Justin Pot has been writing about technology for over a decade, with work appearing in Digital Trends, The Next Web, Lifehacker, MakeUseOf, and the Zapier Blog. He also runs the Hillsboro Signal, a volunteer-driven local news outlet he founded.