macOS: Malware called “mshelper” is burning through CPU cycles, possibly as part of a crypto-mining scheme.
Checking if you have the malware is easy: just open Activity Monitor and search for “mshelper.” Killing the process doesn’t do anything—it just opens again—but users have reported that running Etrecheck, which runs diagnostics and removes malware, gets rid of mshelper quickly. Alternatively you can manually delete two files:
- /Library/Application Support/pplauncher
Do that, then kill the process, and mshelper should be gone.
It is unknown what exactly mshelper is doing to utilize the processor at such a high rate, but speculation on the Apple support forum suggests it could be some form of adware, or possibly a program used for mining cryptocurrency on a victim’s computer. Aside from using the processor, there also doesn’t seem to be any other issues it causes on affected desktops.
Whatever the application is up to, you don’t want it. Remove it as soon as you notice it.